Checkmarx Enhances Software Exposure Platform
March 06, 2019

Checkmarx unveiled major advancements to accelerate adoption of the most comprehensive, unified software security solution on the market.

As the application layer is increasingly the source of successful attacks, risks are amplified as organizations move to agile development and DevOps without implementing proper DevSecOps practices. The latest release of the Checkmarx Software Exposure Platform adds to the management and orchestration layer of the industry’s first unified software security solution, released in August 2018, enabling organizations to:

- Simplify and streamline policy management: Using a unified policy engine for both proprietary code and open source software components, organizations can easily set goals and business outcomes, defined jointly with business owners and DevOps, to determine security risk thresholds for specific applications and projects based on predefined or custom security policies.

- Correlate vulnerabilities across the SDLC for higher result confidence: Leveraging the Checkmarx correlation engine, organizations can easily see if vulnerabilities are present across multiple stages of the SDLC to validate findings. For example, by correlating vulnerability findings between CxSAST and CxIAST, organizations gain the confidence that security risks identified in both source code and runtime applications represent real security risk to the organization.

- Get Full Visibility into Software Exposure: A new Software Exposure Dashboard presents code vulnerabilities by project, giving business stakeholders full visibility into the organization’s software security posture over time, and presents key KPIs for actual code exposure, including the number of outstanding vulnerabilities, their severity and average remediation velocity. Users are also able to zoom into specific projects to view status and metrics.

- Efficiently Remediate Code Vulnerabilities: Checkmarx’s new intelligent remediation engine feeds raw findings across Checkmarx CxSAST, CxOSA and CxIAST and fine-tunes the results using machine learning algorithms to filter out false positives and make correlations to increase confidence levels. User-defined policies are applied to automatically generate prioritized findings. This gives organizations actionable results based on business impact and helps organizations focus on what matters most.

- Improved User Management and Access Control: Role-based access control across the Software Exposure Platform allows organizations to define roles with specific permissions and access to meet security and compliance mandates.

The Checkmarx Software Exposure Platform tightly integrates Checkmarx CxSAST, CxOSA, CxIAST and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle. Checkmarx also offers expert services for software security deployment to advance customers’ DevSecOps programs.

“Software security continues to increase in its significance and importance as a security practice in line with digital transformation and software growth,” said Assaf Dar, Chief Product Development Officer, Checkmarx. “We are committed to helping our customers run their software security programs at scale across their entire portfolio, across the entire SDLC. Checkmarx’s unified Software Exposure Platform addresses software security from end-to-end empowering organizations to move to a true DevSecOps model and deliver secure software faster.”
