Introducing Checkmarx Software Composition Analysis (CxSCA)
Continuous Integration ecosystems require a fully integrated security testing solution that fits into your current development and testing tools.
Checkmarx offers a Continuous Security deployment designed to allow operations, developers, DevOps and the security team to easily collaborate on security issues, ensuring security enables the SDLC and doesn’t slow it down.
Checkmarx Continuous Security approaches security with the understanding that DevOps and CI/CD (Continuous Integration / Continuous Delivery) environments are built around speed of delivery.
Organizations employing DevOps methodologies may release hundreds of code updates (builds) a day.
Traditional application security testing solutions are therefore seen as a roadblock.
Re-analyzing the full code base on every build is out of the question, and dynamic application security testing or penetration testing simply cannot keep up with such rapid release schedules.
On top of full automation within the DevOps environment and the software development life cycle, Checkmarx Continuous Security provides a clear advantage by dramatically reducing code analysis times and ensuring analysis runs only on the code that requires it. Incremental scanning eliminates the time wasted waiting for results that were already addressed in past iterations and concentrates on analyzing only the code modified since the previous analysis.
By delivering multiple integration and automation points across the software development life cycle, developers do not need to leave their familiar development platforms to initiate code scans and address results in near real time. Scanning a code snippet or the full code base happens at the click of a button. Vulnerabilities are therefore detected at the earliest possible stage, and mitigation is quicker and more reliable because it stays with the original developer and reaches the DevOps team only after the code has been vetted for security issues.
Secure-code thresholds can be enforced automatically at the build server, so that only code meeting the policy moves to the next stage in the SDLC. Vulnerability reports and dashboards are generated automatically and delivered to the platform of choice, and security teams are no longer the bottleneck for a release.
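The build-server threshold gate described above, written out as an added example; this is not Checkmarx's own code, report format or API. A build step runs it after the scan completes and the build fails on a non-zero exit. The JSON layout, field names, sample findings, the optional baseline of previously triaged findings and the threshold values are all constructed assumptions for illustration.

```python
"""Build-server quality gate for scanner output (added example).

Fails the build when the number of findings per severity exceeds a policy
threshold. An optional baseline (the previous iteration's findings) lets the
gate count only findings that are new since that iteration.

The report format below is an assumption for this example, not a real
scanner's format. Any parse error or unknown severity label fails closed.
"""
import json
import sys
from collections import Counter

# Constructed sample report; not real scanner output.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"severity": "High", "file": "src/login.py", "line": 42, "name": "SQL Injection"},
        {"severity": "Medium", "file": "src/util.py", "line": 10, "name": "Weak Hash"},
        {"severity": "Low", "file": "src/log.py", "line": 7, "name": "Log Forging"},
        {"severity": "Medium", "file": "src/api.py", "line": 88, "name": "Missing Auth"},
    ]
})

# Constructed baseline: a finding already triaged in a past iteration.
SAMPLE_BASELINE = json.dumps({
    "findings": [
        {"severity": "Medium", "file": "src/util.py", "line": 12, "name": "Weak Hash"},
    ]
})

# Policy: maximum number of *new* findings allowed per severity (assumed values).
DEFAULT_THRESHOLDS = {"High": 0, "Medium": 2, "Low": 10}


def finding_key(finding):
    """Identity used to match findings across scans.

    Deliberately excludes the line number so that a finding which merely moved
    when unrelated code was edited is still recognised as the same finding.
    """
    return (finding["name"], finding["file"])


def new_findings(report, baseline=None):
    """Return findings in `report` that are not present in `baseline`."""
    known = {finding_key(f) for f in (baseline or {}).get("findings", [])}
    return [f for f in report["findings"] if finding_key(f) not in known]


def evaluate_gate(report_json, thresholds=DEFAULT_THRESHOLDS, baseline_json=None):
    """Apply the threshold policy and return a verdict dictionary.

    passed             -- True only if no threshold is exceeded and every
                          severity label in the report is covered by the policy
    counts             -- new findings per severity
    violations         -- severities whose count exceeded the threshold
    unknown_severities -- labels the policy does not know (fail closed)
    """
    report = json.loads(report_json)
    baseline = json.loads(baseline_json) if baseline_json else None
    findings = new_findings(report, baseline)

    counts = Counter(f["severity"] for f in findings)
    violations = {sev: counts[sev] for sev, limit in thresholds.items() if counts[sev] > limit}
    unknown = {f["severity"] for f in findings} - set(thresholds)

    return {
        "passed": not violations and not unknown,
        "counts": dict(counts),
        "violations": violations,
        "unknown_severities": sorted(unknown),
    }


def main(argv):
    """CLI: gate.py REPORT.json [BASELINE.json]; exit 1 when the gate fails."""
    if len(argv) < 2:
        print("usage: gate.py REPORT.json [BASELINE.json]", file=sys.stderr)
        return 2
    with open(argv[1]) as fh:
        report_json = fh.read()
    baseline_json = None
    if len(argv) > 2:
        with open(argv[2]) as fh:
            baseline_json = fh.read()
    verdict = evaluate_gate(report_json, baseline_json=baseline_json)
    print(json.dumps(verdict, indent=2))
    return 0 if verdict["passed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two design points matter for a gate like this. It fails closed: a report that does not parse raises and the build breaks, and a severity label the policy does not list is treated as a violation rather than silently ignored. And the baseline match is intentionally insensitive to line numbers, otherwise every unrelated edit above a known finding would make it look new and re-open a result that was already addressed.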