Checkmarx is a leading provider of software security solutions with a strong track record of delivering innovative and effective solutions to organisations around the world. The company was founded in 2006 and is headquartered in Israel with offices around the world. Checkmarx’s solutions are used by organisations of all sizes across a wide range of industries, including financial services, healthcare and government.


What is Checkmarx?

Checkmarx balances the needs of the entire organisation, from DevSecOps to CISOs, ensuring seamless security throughout the entire software development lifecycle (SDLC) from inception. Its integrated security solutions and exceptional global services give you seamless, secure enterprise software development and unparalleled visibility while building great applications.

As your trusted AppSec partner, Checkmarx puts you first by delivering technical expertise and expert research that uncovers new vulnerabilities, attack vectors and trends to provide the insights you need to efficiently secure tomorrow’s software.

Checkmarx protects your brand by greatly reducing risk in even the most complex code environments. It helps you get better results, manage change and seamlessly integrate all your technologies together.

With its award-winning Application Security Testing solutions, Checkmarx enables developers to safely accelerate their work. Checkmarx technology, a globally diverse culture and a commitment to solving real problems make Checkmarx your preferred AppSec partner.

SAST
Source Code Scanning

Identify and fix more vulnerabilities before submitting your code.

SCA
Open Source Scanning

Find and eliminate risks in your open source code.

IAST
Interactive Code Scanning

Identify vulnerabilities and runtime risks during functional testing.

Codebashing
Secure Code Training

Provide developers with fun, integrated, and targeted AppSec training.

KICS
Open Source Security for IaC

Identify and correct insecure IaC configurations that put you at risk.

As software is at the heart of digital transformation, it’s critical to ensure that development is secure from initial code to production. Securing the modern application landscape of custom code, open source libraries, open source supply chain, infrastructure as code (IaC), containers and more requires a single platform that your teams can trust to fully address your risks without slowing you down.

THE POWER OF CHECKMARX ONE:
A PLATFORM BUILT WITH RICH INNOVATIONS


What is Checkmarx One Application Security Platform?

Checkmarx One Platform delivers essential application security testing services from a unified, cloud-based platform. It analyses source code, open source and supply chain dependencies, and IaC templates, then collects and validates the results and augments them with expert solution recommendations, all in a single scan. Moreover, these services integrate directly into your existing development tools and processes.

The Checkmarx One platform is delivered from a secure cloud, isolated from data. This eliminates the burden of managing the AST infrastructure and enables continuous service updates and functionality enhancements. With the platform, you can perform a comprehensive code scan from a single event, such as a click in the user interface or a request/code submission to a source code repository.

The Checkmarx One Platform allows you to test, verify, correct and secure all the code that makes up your modern applications. The platform provides the most comprehensive approach to managing your risks and accelerates development, delivery and deployment timelines for the applications your organisation relies on.


List of Application Security Test Services

Static Application Security Test (SAST)
By scanning code early and often during software development, SAST identifies vulnerabilities in your application source code and provides insights into how to address complex security issues at the source code level.

Software Composition Analysis (SCA)
SCA empowers you and your teams with the tools and knowledge you need to address vulnerability and licence risks associated with open source code in the applications you build, deploy and maintain.

Supply Chain Security (SCS)
SCS enables developers to perform vulnerability, behavioural and reputation analysis of dependencies, giving you a more comprehensive and proactive approach to preventing supply chain attacks and securing open source usage.

API Security
API Security provides continuous auditing and actionable data to help you protect your APIs from vulnerabilities and exposed application logic and sensitive data before they go live.

Dynamic Application Security Testing (DAST)
By testing your running applications from the outside, DAST helps you gain additional security analysis by simulating attackers launching various attack scenarios to help find vulnerabilities that cannot be identified during runtime.

Infrastructure as Code (IaC) Security
KICS (IaC) scans your IaC files to find vulnerabilities, compatibility issues, and infrastructure misconfigurations. With more than 2,000 predefined queries, KICS can help you quickly find IaC security issues before infrastructure is deployed.

Container Security
Container Security provides information about the current security status of your container-based systems and workloads, including container images and running containers.

What is Checkmarx Fusion?

Checkmarx Fusion leverages a holistic view of application security scan results across all stages of the software lifecycle to correlate and prioritise vulnerabilities, guiding the remediation of the most critical issues first. Checkmarx Fusion is part of Checkmarx One, the industry’s most comprehensive application security platform.

Unlike ASOC solutions, Checkmarx Fusion offers multi-engine scan correlation and context-based risk prioritisation of scan results across engines. Checkmarx Fusion empowers developers and AppSec teams with these four key elements:

Visibility

It provides threat modelling by mapping threats in a visually intuitive graph that includes all software elements, consumed cloud resources and the relationships between them.

Correlation

It provides context to siloed scanners by combining and correlating results from static code scans and runtime scans, which helps eliminate false positives.

Prioritisation

It focuses teams on solving the most critical issues that are most important to their business by prioritising vulnerabilities based on their real risk and potential impact.

Cloud Based

It covers cloud-based architecture, including microservices, cloud resources, containers and APIs, while correlating insights from pre-deployment to runtime.

Why Prefer Checkmarx One Platform?

Combining critical services and integrated, proven technology, the platform provides you with:

Batch Scans: Enable multiple scan types with a single action and correlate results to get a complete, more accurate view of your code security.

Faster Time to Value: Start your AppSec programme in hours, not days, with fast onboarding, simple configuration and advanced scan tuning.

Speed and Scalability: Benefit from secure, cloud-powered scanning at any capacity without the need to manage scanning infrastructure.

Fewer Issues and Overhead: Integrate the platform into your existing software build pipelines and feedback systems instead of using siloed AST solutions that slow down software development and delivery.

Broad Technology Coverage: Cover your entire development portfolio with support for more than 30 languages, the most popular package managers, and a growing list of IaC templates.