Application Security Testing solutions from Checkmarx

  • 22 Apr 2021 6:25 PM
    Message # 10340296

    I am partnering with Checkmarx and if there is an interest in their solutions, please let me know and we can arrange a call with their DoD Account Manager.  Here is some information for your consideration.

    The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security training and skills development.

    Built to address every organization’s needs, the Checkmarx Software Security Platform provides the full scope of options: including private cloud and on-premises solutions. Allowing a range of implementation options ensures customers can start securing their code immediately, rather than going through long processes of adapting their infrastructure to a single implementation method

    Key Checkmarx Differentiators –


    • Automation is based on the product’s capability to resolve file dependencies separately from the build process.  We call this unique capability Virtual Compilation, and it means you can very easily scan source code files from disparate sources – pipeline, repository, or zip files – and obtain accurate scan results with far greater ease and far greater consistency than other SAST solutions.


    • Intelligent Remediation is a collection of unique features that make Checkmarx a very efficient tool for resolving security issues reported by the CxSAST scanner itself.  These include best fix location (a single point for remediation of multiple issues); scan comparison to show at the line of code level what has been fixed and how (or what has created a new issue and where); and, 100% transparent and customizable security queries that you can customize to tune up or done for sensitivity. The same features also provide much more informative analyses of root cause problems to return to the programs themselves to remediate.


    The platform is ranked #1 by the 2020 Gartner peer review with these top five (5) Gartner ranked preferences for Checkmarx over all others –


    1. Ease of Use and Developer Adoption
    2. Automation and SDLC Integration
    3. Accuracy and Coverage
    4. Customization and Flexibility
    5. Analysis Speed


    And here are the corresponding features explaining why –


    • Ease of Use: Compilation free scanning and intelligent remediation, simple to provision and operate;
    • Automation/Integration: Out-of-the-box integration with most standard DevOps orchestration, IDE and viewing tools;
    • Accurate: Top of class scan accuracy and alignment with Federal standards (NIST, STIG, and NIAP);
    • Customizable scanning rules, APIs and CLI to support your specific scanning and policy needs; and,
    • Analysis Speed: 50% to 75% faster scanning times and comprehensive incremental scans to fully support the speed of DevOps.


    The Checkmarx product line is now number one commercially for new customer selection, and in the Federal space the company has made a big impact in 2020, including major legacy Application Security replacements in all of the DoD services. Notably in DoD during the past year, Checkmarx was selected and deployed by the Navy as the SAST standard for their Compile to Combat in 24 Hours (C2C24) initiative, and significant awards were made by DISA’s Joint Service Provider (JSP) and by the USAF Business Enterprise Systems Directorate, to name a few.

Fast Rope

Powered by Wild Apricot Membership Software