DEVOPSdigest

Checkmarx unveiled major advancements to accelerate adoption of the most comprehensive, unified software security solution on the market.

As the application layer increasingly is the source of successful attacks, risks are amplified as organizations move to agile development and DevOps without implementing proper DevSecOps practices. The latest release of the Checkmarx Software Exposure Platform adds to the management and orchestration layer of the industry’s first unified software security solution released in August 2018 for organizations to:

- Simplify and streamline the managing policies: Using a unified policy engine for both proprietary code and open source software components, organizations can easily define goals and business outcomes jointly defined with business owners and DevOps to determine security risk thresholds for specific applications and projects based on predefined or custom security policies.

- Correlate vulnerabilities across the SDLC for higher result confidence: Leveraging the Checkmarx correlation engine, organizations can easily see if vulnerabilities are present across multiple stages of the SDLC to validate findings. For example, by correlating vulnerability findings between CxSAST and CxIAST, organizations gain the confidence that security risks identified in both source code and runtime applications represent real security risk to the organizations.

- Get Full Visibility into Software Exposure: A new Software Exposure Dashboard presents code vulnerabilities by project, giving business stakeholders full visibility into the organizations’ software security posture over time and presents key KPIs for actual code exposure including the number of outstanding vulnerabilities, their severity and average remediation velocity. Users are also able to zoom into specific projects to view status and metrics.

- Efficiently Remediate Code Vulnerabilities: Checkmarx’s new intelligent remediation engine feeds raw findings across Checkmarx CxSAST, CxOSA and CxIAST and fine tunes the results using machine learning algorithms, to filter out false positives and make correlations to increase confidence levels. User defined policies are applied to automatically generate prioritized findings. This gives organizations actionable results based on business impact and helps organizations focus on what matters most.

- Improved User Management and Access Control: Role-based access control across the Software Exposure Platform allows organizations to define roles with specific permissions and access to meet security and compliance mandates.

The Checkmarx Software Exposure Platform tightly integrates Checkmarx CxSAST, CxOSA, CxIAST and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle. Checkmarx also offers expert services for software security deployment to advance customers’ DevSecOps programs.

“Software security continues to increase in its significance and importance as a security practice in line with digital transformation and software growth,” said Assaf Dar, Chief Product Development Officer, Checkmarx. “We are committed to helping our customers run their software security programs at scale across their entire portfolio, across the entire SDLC. Checkmarx’s unified Software Exposure Platform addresses software security from end-to-end empowering organizations to move to a true DevSecOps model and deliver secure software faster.”