Wir helfen Unternehmen seit 18 Jahren,
bessere Software zu finden
Checkmarx One
Was ist Checkmarx One?
Checkmarx One bietet Unternehmen eine cloudnative Anwendungssicherheitsplattform, die sich auf die Bereitstellung von toolübergreifenden, korrelierten Ergebnissen konzentriert. Dies hilft Anwendungssicherheits- und -entwicklerteams beim Festlegen von Prioritäten bezüglich Zeit und Ressourcen.
Checkmarx One bietet umfassendes Scannen von Anwendungen im gesamten SDLC (Software Development Lifecycle):
* SAST (Static Application Security Testing)
* SCA (Software Composition Analysis)
* API-Sicherheit
* DAST (Dynamic Application Security Testing)
* Containersicherheit
* IaC-Sicherheit (Infrastructure as Code)
* Korrelation, Priorisierung und Risikomanagement
* Codebashing-Schulung für sicheren Code
* KI-Sicherheit
* Technische Partnerschaften zur Erweiterung der Anwendungssicherheit auf Laufzeitanalysen
* Entwickler-Tool-Integrationen, einschließlich: CI-/CD-Tools (Continuous Integration/Continuous Delivery),
Entwicklungs-Frameworks, Feedback-Tools, IDEs (Integrated Development Environments),
Programmiersprachen und SCM-Systeme (Source Code Management)
Checkmarx One unterstützt die sichere Anwendungsentwicklung von der ersten Codezeile bis zur Bereitstellung und Laufzeit in der Cloud. Mit einem sich ständig weiterentwickelnden Toolset hilft Checkmarx One, Anwendungssicherheitslösungen zu konsolidieren und Ergebnisse besser zu verstehen.
Wer verwendet Checkmarx One?
Checkmarx One wurde für Anwendungssicherheitsmanager, CISOs (Chief Information Security Officers) und Softwareentwickler entwickelt und gibt jeder Gruppe die Tools an die Hand, die sie zum Erstellen eines erfolgreichen Anwendungssicherheitsprogramms und zur Entwicklung von Vertrauen in die Entwicklungssicherheit benötigen.
Du bist nicht sicher, ob Checkmarx One das Richtige ist?
Mit einer beliebten Alternative vergleichen
Checkmarx One
Bewertungen über Checkmarx One
Gives a full 360 degree view of vulnerabilities in static code
Kommentare: My personal overall experience with SAST is positive. I like that I can tweak queries myself and if there is something I can't do, support is just a phone call/ticket away. They respond to all inquiries very quickly.
Vorteile:
The ability to use CI/CD pipelines so when the build task kicks off, scanning for static code and open source libraries is done at build time.
Nachteile:
The only thing I do not like is we have some languages that the product does not support like ColdFusion and R-Code.
Checkmarx a strong and reliable competitor
Kommentare: It has been a good experience, the support is fast and reliable. The tool work as expected and you can use the api integration to go even further.
Vorteile:
Easy of use, the 0 complexity it adds to configure a new project, it feels to work in a collaborative way even in an on premise environment.
Nachteile:
The implementation requires Windows and SQL, i would prefer that it runs on linux with postgresql. The reporting could be improved.
Super expensive but also feels outdated
Kommentare: Overall I did not enjoy using it.
Vorteile:
It certainly covers all the vulnerability rules you would ever need.
Nachteile:
It is SUPER expensive, very slow and the reporting is too messy. It would have been better if it can take a more integrated into the code approach like Sonar.
CxSAST - A great static software analyzer
Vorteile:
CXSast has several very important advantages. The first is that the code is scanned before it is even compiled, this means that de developers can scan and fix while they are still in the coding process. Second CXSAST fully integrates in any devops proces. Scanning and reporting will be doen from within the screens developers work in, so no unneccesary switching between screens. (see extention CXflow) Nex to that the rules (or queries) are open, every one can see them or a organisation can tailor them to their own need. If needed a FP free setup can be created! V9.3 now enable installation of the engines on Linux, you can dockarize the stuff Last but not least CXSast can be setup with additions such as CX-SCA (opensource analysis) and CX-IAST (passive IAST scanning)
Nachteile:
The installation can sometimes be difficult. However Checkmarx counters this by offering free installation services for their costumers.
Preferred Vulnerability Management Tool
Vorteile:
Can be used to analyse application, source code, byte code, and binaries for coding and design conditions.Key elements of the checkmarx dashboard can be split into two sections, namely scan, statistics and scan trends.
Nachteile:
Unavailable or downtime of application causes delay in deploying the code through pipeline which is integrated with Checkmarx.
Intuitive software
Vorteile:
Finding code vulnerabilities is hard. CxSAST makes it easy. Not only does it point out the vulnerability, it explains why the code is vulnerable, which is very valuable for future proofing code.
Nachteile:
Can sometimes include false positives. However this is mitigated by selecting “proposed not exploitable” if necessary.
Its on OK Product
Vorteile:
We use this tool to check security vulnerabilities Option to configure multiple projects Compare the results between two scans Download the report results
Nachteile:
Not very User-Friendly. Takes time to run the scan Difficult to configure with development studios.