Checkmarx Software Security Platform

Instill security into your CI/CD pipeline and release secure software faster

Checkmarx makes software security essential infrastructure: unified with DevOps, and seamlessly embedded into your entire CI/CD pipeline, from uncompiled code to runtime testing. Our holistic platform sets the new standard for instilling security into modern development.

The New Scale of Software Security Risk

We live in an era of digital transformation, with software at the heart of it. Software is everywhere – in our mobiles, in our computers, in our homes, and our cars. When software is everywhere, everything becomes an attack surface, and your software security risk can become almost limitless. Once you understand the full scale of the problem, you realize that securing your software takes more than a tool.

Unified Standards for Enhanced Software Security

The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security training and skills development.

Built to address every organization’s needs, the Checkmarx Software Security Platform provides the full scope of options, including private cloud and on-premises solutions. Offering a range of implementation options ensures customers can start securing their code immediately, rather than going through long processes of adapting their infrastructure to a single implementation method.

The Checkmarx Software Security Platform transforms the standard for secure application development, providing one powerful resource with industry-leading capabilities, including:

Checkmarx Static Application Security Testing (CxSAST)

CxSAST is an enterprise-grade, flexible, and accurate static analysis solution capable of identifying hundreds of security vulnerabilities and weaknesses in custom code. It supports over 22 coding and scripting languages and frameworks, with zero configuration necessary to scan any language.

Checkmarx Software Composition Analysis (CxSCA)

CxSCA is a powerful software composition analysis solution focused on enabling development and security teams to mitigate security risks present in open source software and third-party libraries within their codebase. Users can identify and prioritize open source vulnerabilities, generate an inventory of open source components and dependencies in use, and evaluate the risk of open source license non-compliance.

Checkmarx Interactive Application Security Testing (CxIAST)

CxIAST fills the critical software security gap by leveraging existing functional testing activities to automate the detection of vulnerabilities on running applications. CxIAST is the industry’s first IAST solution that fully integrates with a Static Application Security Testing solution and offers a query language, allowing for greater vulnerability coverage and higher accuracy.

Checkmarx AppSec Awareness Solution (CxCodeBashing)

Checkmarx Codebashing cultivates a culture of software security that empowers developers to take security into their own hands and be comfortable doing so. Leverage just-in-time training to educate developers on specific challenges they are facing, without diverting them from accomplishing their main task – writing secure code quickly.

Key Benefits

The Checkmarx Software Security Platform is a powerful alternative to separate software security testing tools, delivering impactful benefits like:

A unified, enterprise-class platform for holistic software security

Role-based access control for flexible user-authorization management

Easily set up scan automation with code collaboration tools such as GitHub, GitLab, Bitbucket, and Azure DevOps

Tailored for relevance, optimized for scale