Checkmarx Enhances Software Exposure Platform
March 06, 2019

Checkmarx unveiled major advancements to accelerate adoption of the most comprehensive, unified software security solution on the market.

As the application layer is increasingly the source of successful attacks, risks are amplified as organizations move to agile development and DevOps without implementing proper DevSecOps practices. The latest release of the Checkmarx Software Exposure Platform adds to the management and orchestration layer of the industry’s first unified software security solution, released in August 2018, enabling organizations to:

- Simplify and streamline policy management: Using a unified policy engine for both proprietary code and open source software components, organizations can easily define goals and business outcomes, agreed jointly with business owners and DevOps, to determine security risk thresholds for specific applications and projects based on predefined or custom security policies.

- Correlate vulnerabilities across the SDLC for higher result confidence: Leveraging the Checkmarx correlation engine, organizations can easily see if vulnerabilities are present across multiple stages of the SDLC to validate findings. For example, by correlating vulnerability findings between CxSAST and CxIAST, organizations gain the confidence that security risks identified in both source code and runtime applications represent real security risk to the organization.

- Get Full Visibility into Software Exposure: A new Software Exposure Dashboard presents code vulnerabilities by project, giving business stakeholders full visibility into the organization’s software security posture over time. It also presents key KPIs for actual code exposure, including the number of outstanding vulnerabilities, their severity and average remediation velocity. Users are also able to zoom into specific projects to view status and metrics.

- Efficiently Remediate Code Vulnerabilities: Checkmarx’s new intelligent remediation engine feeds in raw findings from across Checkmarx CxSAST, CxOSA and CxIAST and fine-tunes the results using machine learning algorithms to filter out false positives and make correlations that increase confidence levels. User-defined policies are applied to automatically generate prioritized findings. This gives organizations actionable results based on business impact and helps organizations focus on what matters most.

- Improved User Management and Access Control: Role-based access control across the Software Exposure Platform allows organizations to define roles with specific permissions and access to meet security and compliance mandates.

The Checkmarx Software Exposure Platform tightly integrates Checkmarx CxSAST, CxOSA, CxIAST and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle. Checkmarx also offers expert services for software security deployment to advance customers’ DevSecOps programs.

“Software security continues to increase in its significance and importance as a security practice in line with digital transformation and software growth,” said Assaf Dar, Chief Product Development Officer, Checkmarx. “We are committed to helping our customers run their software security programs at scale across their entire portfolio, across the entire SDLC. Checkmarx’s unified Software Exposure Platform addresses software security from end-to-end empowering organizations to move to a true DevSecOps model and deliver secure software faster.”
