Application Security Testing (AST)

Integrates simple one-click Application Security testing, designed for the cloud development generation and delivered from the cloud, it seamlessly secures your entire codebase so can you deliver and deploy more-secure code.

Purposely designed for today’s technology stack, processes, vulnerabilities, and risks, the Checkmarx One AST Platform™ is a solution you can rely on. It enables you to simplify security—in application source code, open source dependencies, supply chains, IaC, APIs, containers, and more—all from a single scan.

Provides fast and accurate scans – incremental or full. Flexible and accurate application security without having to build the code first. You just need to check in the code, scan it to get results quickly. Developers can launch scans and view the results within their development environment.

Supports dozens of programming languages and frameworks. Checkmarx SAST is compatible with virtually every mainstream IDE, source code management (SCM) platform, CI server, and so on. Add security scanning seamlessly to existing development pipelines with Checkmarx plugins and out-of-the-box integrations.

Remediation guidance and best fix location ensure you know where and how to resolve a security issue. Our SAST tool helps you fix security flaws quickly and deploy software releases rapidly and continuously.

Gives development, security, and operations teams the tools and insights to address risks associated with the open source code components in their applications. It automatically reveals compromised dependencies, provides a recovery guide as well as license compliance. You can identify the third-party code as well as where it resides within your development landscape. Automated software lists (SBOMs; software bill of materials) are used to check whether the code is vulnerable or safe.

Supply Chain Security in combination with SCA delivers automated, policy-based, open source security for DevSecOps. Checkmarx is the solution for managing supply chain risks. Traditional SCA identifies packages with known vulnerabilities (CVEs) or packages that have yet to be updated to a latest version. SCS focuses more on tactics, techniques, and procedures that attackers use to infiltrate an open source supply chain. SCS is part of the SCA module of the platform.

The platform can analyze the basic container images used to build an application's container. It also evaluates these images against a continuously updated list of container images with known issues. This prevents applications from being built on insecure foundations. Container security is also included in the SCA part of the platform.

Using SAST (Static Application Security Testing), this tool discovers every API in modern applications at the source code level. With a full understanding of your API inventory, you can eliminate the problem of shadow and zombie APIs. After automatically discovering and building the API inventory, the solution compares it to the inventory that developers have created themselves. This allows you to quickly isolate security problems. Checkmarx API Security complements runtime security checks such as WAFs and API gateways. These controls create the API context that allows you to keep pace with the rapidly changing application footprint.

Scalable scanning of Infrastructure as Code (IaC) via the platform. This solution simplifies code analysis of IaC files and correlates findings with the Checkmarx One AppSec Platform. It automatically detects unsafe configurations that could expose applications, data or services to attacks. It also offers a better visual insight into the scan results via the platform.

It uses Checkmarx Fusion (see below) to correlate IaC scan results with findings from other scan engines. This gives direction to prioritizing the problems. That puts an end to juggling the overload of warnings to find out which ones really matter.

With more than 2000 customizable queries, it finds vulnerabilities, compliance issues and misconfigurations in IaC solutions such as Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Helm, Google Deployment Manager, AWS SAM, Microsoft ARM and OpenAPI 3.0 specifications.

Includes native integrations with popular repositories such as GitHub and GitLab, and feedback solutions such as Jira. For example, you can create a ticket to manage scan results in GitHub.

Provides unprecedented, advanced result correlation between the various Checkmarx application security testing solutions. In this 'merger' you see the actual risks so that you can prioritize the right fixes. It visualizes the security risk of an application in the form of a topological view of all threats. This is an easy-to-read chart that shows all software elements, cloud resources consumed, and their interrelationships. Fusion combines and correlates the results of static code scans and runtime scans to eliminate false positives. This reduces warning fatigue and provides a reliable picture of the overall risk position.

Unlike traditional classroom or video-based training, Codebashing is a fun, hands-on, interactive solution that developers can follow as they work. Developers don't learn about security vulnerabilities for a day or more. No, they get bite-sized, on-demand sessions relevant to the specific challenges they face in their code. This form of AppSec Awareness and Secure Code training is much more effective.

Checkmarx offers a unique integration between their SAST solution and their hands-on training in secure coding. The vulnerabilities identified by SAST are linked to relevant, practical training lessons for rapid and targeted remediation guidance. The developer learns why the problem occurred, how to fix it and - more importantly - how to avoid making the same mistake again. All this in less than 5 minutes per lesson.