Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

Checkmarx Static Application Security Testing

Make custom code security testing inseparable from development


Checkmarx SAST

Checkmarx SAST (CxSAST) is an enterprise-grade, flexible and accurate static analysis solution used to identify hundreds of security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabilities and provide actionable insights to remediate them. It supports over 22 coding and scripting languages and their frameworks, with zero configuration needed to scan any language.

Ease of Automation

Seamlessly integrates with all IDEs, build management servers, bug tracking tools and source repositories to automatically enforce a security policy.

Manage Security at Scale

Empower teams to set and use policies to govern application security, enforce them through build-tool integrations and manage remediation efforts through IT workflow support.

Accelerate Time to Remediation

Allow developers to fix multiple vulnerabilities at a single point in the code using our unique “Best Fix Location” algorithm.

Find Vulnerabilities Sooner

Checkmarx SAST scans uncompiled code and doesn’t require a complete build. No dependency configurations and no learning curve when switching languages!

Application Security Training for Major Programming Languages and Frameworks

Supported Vulnerabilities

SQL Injection
XXE Injection
Command Injection
Session Fixation
Reflected XSS
Use of Insufficiently Random Values
Persistent (Stored) XSS
Directory (Path) Traversal
Privileged Interface Exposure
Leftover Debug Code
Authentication Credentials In URL

Additional Resources

Case Study

Swiss Private Bank Chooses CxSAST


How to choose a SAST solution


What makes Checkmarx a good fit for DevOps, according to Microsoft.
