Checkmarx Accelerates Vulnerability Remediation for Open Source Code with New Software Composition Analysis Solution


RAMAT GAN, Israel – (COMMERCIAL THREAD) – Checkmarx, the global leader in software security solutions for DevOps, today announced the launch of Checkmarx SCA (CxSCA), the company’s new SaaS-based software composition analysis solution. CxSCA takes advantage of Checkmarx’s source code analysis and automation capabilities, allowing security and development teams to easily identify the vulnerabilities within open source software that pose the greatest risk, and enabling developers to focus and prioritize remediation efforts accordingly. This dramatically reduces the time between vulnerability detection and remediation and increases overall developer productivity.

Existing approaches to securing open source in software often produce lengthy vulnerability reports riddled with inaccuracies, making it difficult for developers to understand where to best allocate their time and attention. CxSCA mitigates these challenges with its automatic triage capabilities, generating scan results with the highest possible accuracy and delivering those results directly to developers. With this information, development teams can prioritize remediation efforts based on the level of risk presented by the vulnerabilities found and accelerate remediation processes to deliver higher-quality, more secure software faster.

CxSCA provides industry-leading open source security risk awareness, visibility and prioritization capabilities, while increasing operational efficiency for DevOps and AppSec teams. When paired with Checkmarx SAST (CxSAST), organizations can secure both custom and open source code with a powerful and consistent solution that provides unified management for project creation and analytics, including the ability to run automated analyses in source code repositories such as GitHub, GitLab, and BitBucket, among others.

According to Gartner, “The combination of SAST and SCA can help provide more faithful results. Adding SCA functionality to an existing suite of testing tools can simplify installation, integration, administration, and maintenance.” 1

“As the open source vulnerability landscape continues to expand, organizations are also increasingly shifting their security responsibilities to developers, creating an urgent need for innovative SCA solutions that accelerate developer remediation cycles,” said Nir Livni, vice president of products at Checkmarx. “With CxSCA, Checkmarx enables development organizations to address open source vulnerabilities earlier in the SDLC and reduce manual processes by reducing false positives and background noise, so they can deliver secure software faster and at scale.”

CxSCA can be used independently or as part of the larger Checkmarx software security platform, which also includes SAST, IAST and embedded AppSec developer training and awareness, providing development teams with a single, unified approach to managing their application security posture.

Additional features of CxSCA include:

  • Large database of open source libraries and vulnerabilities: Cultivated by Checkmarx’s security research team, CxSCA’s proprietary database of open source libraries and vulnerabilities – even those without a corresponding CVE at the time of discovery – provides greater security and insight into risk beyond the National Vulnerability Database (NVD).
  • Seamless DevOps integration: CxSCA easily integrates into the entire SDLC, providing relevant and actionable information on open source vulnerabilities and remediation advice to streamline developer workflows and accelerate delivery times.
  • Scalability and flexibility: CxSCA’s flexible and secure deployment model gives developers the scale and speed to meet their most demanding needs, allowing them to stay focused on developing secure software rather than managing infrastructure.


CxSCA is available today. For more information and to schedule a demo, go here.

Additional Resources:

1 – Gartner, Technology Insight for Software Composition Analysis, Dale Gardner, November 1, 2019

About Checkmarx

Checkmarx is the global leader in software security solutions for the development of modern enterprise software. Checkmarx provides the industry’s most comprehensive software security platform, which integrates with DevOps and provides static and interactive application security testing, software composition analysis, and AppSec developer education and training programs to reduce and eliminate the risks associated with software vulnerabilities. Checkmarx is trusted by over 40 of the Fortune 100 companies and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Learn more at
