Static code analysis - Identify & fix security vulnerabilities

Checkmarx CxSAST is a powerful Static Source Code Analysis solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.

Checkmarx CxSAST can be integrated seamlessly into the Software Development Life Cycle (SDLC), enabling the early detection and mitigation of crucial security flaws in all major programming languages. CxSAST shows where and how to fix the vulnerability with a single click.


We scan uncompiled code

By scanning the source code itself, CxSAST can be integrated smoothly within the SDLC and provide near real-time feedback on the code and its security. Both auditors and developers can scan incomplete code in the midst of the development process without having to achieve a build, ultimately allowing the discovery of vulnerabilities much earlier during the SDLC and saving significant costs.


Best Fix Location - We show you the best place to fix your code

The best-fix location feature is a CxSAST centerpiece that lets the user optimize remediation efforts, saving countless developer hours and frustration. CxSAST static code analysis maps the data flow from input to sink and identifies critical nodes where multiple attack vectors converge, enabling you to eliminate multiple vulnerabilities with a single fix. This is especially helpful when scanning large code bases. It is complemented by remediation advice for a wide range of vulnerabilities, providing the developer with in-context secure coding training.
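To make the idea of a convergence node concrete, here is an added illustration that is not Checkmarx code and does not reproduce CxSAST's algorithm: a greedy set cover over tainted paths that repeatedly picks the node shared by the most still-unfixed flows. The flow names and "file:function" node labels are constructed sample data.

```python
from collections import defaultdict

# Constructed sample: each flow is one tainted path, input first, sink last.
# Names are hypothetical labels, not CxSAST output.
FLOWS = {
    "sqli-login": ["login.py:get_user", "db.py:build_query", "db.py:execute"],
    "sqli-search": ["search.py:get_term", "util.py:normalize",
                    "db.py:build_query", "db.py:execute"],
    "sqli-report": ["report.py:get_range", "db.py:build_query",
                    "db.py:export_csv"],
    "xss-profile": ["profile.py:get_bio", "render.py:to_html"],
}


def best_fix_locations(flows):
    """Return [(node, [flows fixed there])], fewest fixes first (greedy)."""
    if any(not path for path in flows.values()):
        raise ValueError("every flow needs at least one node")
    remaining = dict(flows)
    fixes = []
    while remaining:
        hits = defaultdict(set)  # node -> unfixed flows passing through it
        to_sink = {}             # node -> shortest distance to any sink
        for name, path in remaining.items():
            for i, node in enumerate(path):
                hits[node].add(name)
                dist = len(path) - 1 - i
                to_sink[node] = min(dist, to_sink.get(node, dist))
        # Most flows covered wins; ties go to the node nearest the sink,
        # then to the lexically smallest name so the result is stable.
        node = min(hits, key=lambda n: (-len(hits[n]), to_sink[n], n))
        fixes.append((node, sorted(hits[node])))
        for name in hits[node]:
            del remaining[name]
    return fixes


if __name__ == "__main__":
    for node, fixed in best_fix_locations(FLOWS):
        print(f"fix at {node}: closes {len(fixed)} flow(s): {', '.join(fixed)}")
```

Greedy set cover is an approximation; it is used here only because it shows in a few lines why one fix at a shared node can close several findings at once.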

Quick and Accurate Scanning

CxSAST static code analysis is accurate. We achieve a low rate of false positives (less than 5%) by applying smart code analysis algorithms. In addition, it is easy and quick to adapt CxSAST to your proprietary code so that accuracy can be enhanced even further. We offer professional services to do it for you.

Flexible Reporting

It is easy to generate reports and create customized dashboards as per your requirements by choosing the exact metrics you wish to track and their format. Sample reports include risk score trend per project, areas for improvement by team, etc.

CxSAST offers integration into external dashboards such as Sonar or Threadfix.

Incremental Scanning


CxSAST's unique Incremental Scanning enables you to run a full scan once, with consecutive scans only testing the parts of the code that have been changed, along with their dependencies.

With Incremental Scanning, the time to scan is greatly reduced, which is especially useful within agile development environments.

March 2015

Data Sheet

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.