Checkmarx CxSAST is a powerful Static Source Code Analysis solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.
Checkmarx CxSAST can be integrated seamlessly into the Software Development Life Cycle (SDLC), enabling the early detection and mitigation of crucial security flaws in all major programming languages. CxSAST shows where and how to fix the vulnerability with a single click.
By scanning the source code itself, CxSAST can be integrated smoothly within the SDLC and provide near real-time feedback on the code and its security. Both auditors and developers can scan incomplete code in the midst of the development process without having to achieve a build, ultimately allowing the discovery of vulnerabilities much earlier during the SDLC and saving significant costs.
The best-fix location feature is a CxSAST centerpiece, allowing the user to optimize remediation efforts to the max, saving countless developer hours and frustration. CxSAST static code analysis maps the data flow from input to sink and identifies critical nodes where multiple attack vectors converge, enabling you to eliminate multiple vulnerabilities with a single fix. This is especially helpful while scanning large code bases. It is complemented by a set of remediation advice for a wide range of vulnerabilities, providing the developer with in-context secure coding training.
CxSAST static code analysis is accurate. We achieve a low rate of false positives (less than 5%) by applying smart code analysis algorithms. In addition, it is easy and quick to adapt CxSAST to your proprietary code so that accuracy can be enhanced even further. We offer professional services to do it for you.
It is easy to generate reports and create customized dashboards as per your requirements by choosing the exact metrics you wish to track and their format. Sample reports include risk score trend per project, areas for improvement by team, etc.
CxSAST offers integration into external dashboards such as Sonar or Threadfix.
CxSAST's unique Incremental Scanning enables you to run a full scan once, with consecutive scans only testing the parts of the code that have been changed, along with their dependencies.
With Incremental Scanning, the time to scan is greatly reduced, which is especially useful within agile development environments.