Checkmarx
Checkmarx is a leading solution for security source code scans (SAST), which is available as both an on-premise and a cloud version (hosted e.g. in Germany).
Checkmarx is able to scan code written in various programming languages (including Java, C#, PHP and C/C++) for common vulnerabilities such as Cross-site Scripting or SQL injection. Besides a Web GUI and a fat client, various other clients and tool integrations exist, making Checkmarx very well suited for integration into different kinds of development teams and tool chains. For instance, you can trigger new scans automatically within your build system (e.g. with the Checkmarx Jenkins Plugin or via a direct REST call) and have the results analyzed within the development IDE, e.g. with the Checkmarx Eclipse plugin (see screenshot below).
Checkmarx is designed for scalability and performance: for instance, scans are executed by separate scan engines. If you need more capacity, you just need to install a new engine instance. In addition, these engines support partial code scans, analyzing only code that has been changed since the last scan.
Highlights
- Available as both cloud and on-premise version
- Scans are executed on application source code (even partial code scans are supported)
- Low number of false positives
- Extensibility of scanning rules
- Distributed architecture ensures scalability
- Integration into various build systems and developer UIs (e.g. Jenkins or Eclipse)
- Large number of supported programming languages: Java / JSP, ASP.NET, C#, VB.NET, ASP, VB6, C/C++, Objective-C, PHP, Perl, Ruby, Python, Groovy, ABAP
Contact
Do you have questions about one of these products, or would you like to see how it works in a WebEx? Then do not hesitate to contact our sales team.