DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More Topics
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Latest News Releases » Checkmarx Accelerates Vulnerability Remediation for Open Source Code with New Software Composition Analysis Solution

Checkmarx Accelerates Vulnerability Remediation for Open Source Code with New Software Composition Analysis Solution

By: Deborah Schalm on June 2, 2020 1 Comment

CxSCA harnesses Checkmarx’s best-in-class automation capabilities to enable developers to find, prioritize, and remediate critical open source vulnerabilities earlier and faster

Recent Posts By Deborah Schalm
  • Exabeam Reinvents Security Analytics with Fusion XDR and Fusion SIEM Cloud Products to Address Security Needs at Scale
  • New Study Reveals Importance of Optimized Strategy for the Selection, Support, and Maintenance of Open Source Software
  • Applitools Integrates With Rally for Fast and Automated Bug Management
More from Deborah Schalm
Related Posts
  • Checkmarx Accelerates Vulnerability Remediation for Open Source Code with New Software Composition Analysis Solution
  • The U.S. Navy’s NIWC Pacific Selects Checkmarx to Accelerate Application Development, Bolstering Nation’s Security Posture Against Adversaries
  • Deepfactor Partners with Synopsys to Help Developers Resolve Cloud Native Supply Chain Security Risks
    Related Categories
  • Latest News Releases
    Related Topics
  • Checkmarx
  • CxSCA
Show more
Show less

RAMAT GAN, ISRAEL – June 2, 2020 – Checkmarx, the global leader in software security solutions for DevOps, today announced the launch of Checkmarx SCA (CxSCA), the company’s new, SaaS-based software composition analysis solution. CxSCA leverages Checkmarx’s industry-leading source code analysis and automation capabilities, empowering security and development teams to easily identify vulnerabilities within open source software that present the greatest risk and enable developers to focus and prioritize remediation efforts accordingly. This dramatically reduces time spent from the point of vulnerability detection to remediation and increases developers’ overall productivity.

DevOps/Cloud-Native Live! Boston

Existing approaches to securing open source within software often produce lengthy vulnerability reports riddled with inaccuracies, making it difficult for developers to understand where best to allocate their time and attention. CxSCA alleviates these challenges with its unique automatic triage capabilities, generating scan results with the greatest possible accuracy and delivering these findings directly to developers. With this insight, development teams can prioritize remediation efforts based on the level of risk presented by found vulnerabilities and accelerate remediation processes to deliver high-quality, more secure software faster.

CxSCA delivers industry-leading open source security risk awareness, visibility, and prioritization capabilities, while also increasing operational efficiency for DevOps and AppSec teams. When coupled with Checkmarx SAST (CxSAST), organizations can secure both custom and open source code with one powerful, cohesive solution that provides unified management for project creation and scans, including the ability to run automated scans in source code repositories, such as GitHub, GitLab, and BitBucket, among others.

According to Gartner, “the combination of SAST and SCA can help deliver higher-fidelity results. The addition of SCA capabilities within an existing suite of testing tools can simplify installation, integration, administration, and maintenance.” 1

“While the open source vulnerability landscape continues to expand, organizations are also increasingly shifting security responsibilities onto developers, creating a dire need for innovative SCA solutions that accelerate developer remediation cycles,” said Nir Livni, VP of Products, Checkmarx. “With CxSCA, Checkmarx enables development organizations to address open source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so they can deliver secure software faster and at scale.”

CxSCA can be used independently or as part of the broader Checkmarx Software Security Platform that also includes SAST, IAST, and integrated developer AppSec training and awareness, giving development teams a single, unified approach to managing their application security posture.

Additional CxSCA features include:

  • Extensive Database of Open Source Libraries and Vulnerabilities: Cultivated by the Checkmarx Security Research Team, CxSCA’s exclusive database of open source libraries and vulnerabilities – even those with no corresponding CVE at the time of discovery – provides greater security and risk awareness above and beyond the National Vulnerability Database (NVD).
  • Seamless DevOps Integration: CxSCA easily integrates into the entire SDLC offering relevant, actionable open source vulnerability insight and remediation guidance to streamline developer workflows and expedite delivery timelines.
  • Scalability & Flexibility: CxSCA’s secure, SaaS-based flexible deployment model gives developers the scale and speed needed to meet their most demanding requirements, allowing them to remain focused on developing secure software rather than managing infrastructures.

Availability: 

CxSCA is available today. For more information and to schedule a demo, visit here.

Additional Resources:

  • eBook: Open Source Cookbook – The Ultimate Guide to Software Composition Analysis 
  • 2020 Gartner Magic Quadrant for Application Security Testing
  • 2020 Gartner Critical Capabilities for Application Security Testing

1 – Gartner, Technology Insight for Software Composition Analysis, Dale Gardner, 1 November 2019

About Checkmarx

Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis, and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 of the Fortune 100 companies and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Salesforce.com. Learn more at www.checkmarx.com.

 

 

Filed Under: Latest News Releases Tagged With: Checkmarx, CxSCA

Sponsored Content
Featured eBook
The 101 of Continuous Software Delivery

The 101 of Continuous Software Delivery

Now, more than ever, companies who rapidly react to changing market conditions and customer behavior will have a competitive edge.  Innovation-driven response is successful not only when a company has new ideas, but also when the software needed to implement them is delivered quickly. Companies who have weathered recent events ... Read More
« Survey Surfaces Tension Between Software Speed and Quality
Chef Extends IT Automation Reach »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Modernizing Jenkins Pipelines With CD Automation
Tuesday, May 17, 2022 - 11:00 am EDT
Applying the 2022 OSSRA Findings to Software Supply Chain Risk Management
Tuesday, May 17, 2022 - 1:00 pm EDT
Getting Mainframe and IBM i Data to Snowflake
Tuesday, May 17, 2022 - 3:00 pm EDT

Latest from DevOps.com

Why Over-Permissive CI/CD Pipelines are an Unnecessary Evil
May 16, 2022 | Vladi Sandler
Why Data Lineage Matters and Why it’s so Challenging
May 16, 2022 | Alex Morozov
15 Ways Software Becomes a Cyberthreat
May 13, 2022 | Anas Baig
Top 3 Requirements for Next-Gen ML Tools
May 13, 2022 | Jervis Hui
Progress Expands Scope of Compliance-as-Code Capabilities
May 12, 2022 | Mike Vizard

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

DevOps: Mastering the Human Element
DevOps: Mastering the Human Element

Most Read on DevOps.com

Agile/Scrum is a Failure – Here’s Why
May 10, 2022 | Richi Jennings
How Waterfall Methodologies Stifle Enterprise Agility
May 12, 2022 | Jordy Dekker
How to Secure CI/CD Pipelines With DevSecOps
May 11, 2022 | Ramiro Algozino
Update Those Ops Tools, Too
May 11, 2022 | Don Macvittie
The COVID-19 Pandemic’s Lasting Impact on Tech
May 11, 2022 | Natan Solomon

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.