Checkmarx, founded in 2006, is a leader in application security solutions, having developed the first platform for true Source Code Analysis (SCA) with its marquee solution: Static Application Security Testing (SAST). Our mission is in enabling organizations to secure applications from the start, reducing risk and cost along the way. Our platforms offer maximum application security for software developers and security experts throughout the Software Development Life Cycle (SDLC), in both Enterprise and Cloud platform models.

Amongst the company’s 1,000 customers are 5 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including SAP, Samsung, and

Open Source Analysis: Security Testing

Prevent vulnerabilities such as OpenSSL Heartbleed, Bash ShellShock and many others from impacting your application’s security posture.

It is almost impossible today to develop commercial software products without relying substantially on open source libraries and components. Over the past few years, we’ve seen tremendous growth in the number of software capabilities offered in open source libraries, as well as the number of open source libraries embedded in each software product. However, while using open source components has many benefits, it also requires companies to manage and control the open source components they use, as well as the adoption process itself, to avoid a variety of legal, technical, and security risks.

Checkmarx Open Source Analysis (OSA) allows organizations to manage, control and prevent the security risks and legal implications introduced by open source components used as part of the development effort.

Key Benefits

  • Centralized Application Security
    The only on-premise solution to deliver in-house code and open source components analysis “under the same roof.”
  • Developer Adoption
    Checkmarx OSA is designed for developers, by developers, making it accessible and intuitive for its intended audience.
  • Best of Breed
    Wide language support and spot on open source component risk detection with Checkmarx OSA.

Protect Your Full Code Portfolio and Operating Systems

Analyzing outdated libraries, making sure licenses are being honored and weeding out any open source components which expose the application to known vulnerabilities, Checkmarx OSA provides complete code portfolio coverage under a single unified solution and with no extra installations or administration required. Rather than frustrating developers with long winded lists within PDF documents, Checkmarx OSA provides developers with a single holistic view of their application portfolio under the same platform.

Fluent in All Common Languages

Checkmarx OSA supports all the most common programming languages, enabling organizations to secure all their open source components in addition to the in-house developed code analysis coverage.

Part of Your Development Lifecycle

Integrate Checkmarx OSA within your build environment and automatically enforce open source analysis as part of the SDLC. Analyze and manage the open source components being used while ensuring that vulnerable components are not part of your portfolio and are removed or replaced before they become a problem.

Easy to Use

Enhancing your code portfolio risk assessment coverage is merely a few mouse clicks away. With Checkmarx’s Open Source Analysis, there is no need for additional installations or multiple management interfaces.

Simply turn it on and within minutes a detailed report is generated with clear results and detailed mitigation instructions.

Analysis results are designed with the developer in mind. No time is wasted on trying to understand the required actions items to mitigate the detected security or compliance risk.