Add Secure Static Source Code Analysis inside your build process
This extension is now unpublished from Marketplace. You can choose to uninstall it.
Checkmarx is a powerful single unified security solution for Static Source Code Analysis (CxSAST) and Software Composition Analysis (CxSCA) designed for identifying, tracking and fixing technical and logical security flaws.
Checkmarx is integrated seamlessly into Microsoft’s Software Development Life Cycle (SDLC), enabling the early detection and mitigation of crucial security flaws.
Checkmarx provides the following key benefits:
Scan source code
Integrates smoothly within the SDLC to provide detailed, near-real-time feedback on the security state of the code
Best fix location
Highlights the best place to fix your code
Quick and accurate scanning
Reduce false positives, adapt the rule set to minimize false positives, and understand the root cause
Test only the parts of the code that have changed since the last code check-in to reduce scanning time by more than 80%. Enables incorporation of the security gate within your continuous integration pipeline
Works with all IDEs, build management servers, bug tracking tools and source repositories
Protect Your Full Code Portfolio (Open Source and In-house Source Code)
Analyzing open source libraries, making sure licenses are being honored and weeding out any open source components which expose the application to known vulnerabilities, the Checkmarx Open Source solution provides complete code portfolio coverage under a single unified solution, with no extra installations or administration required.
Easy to initiate Open Source Analysis
Enhancing your code portfolio risk assessment coverage is merely a few mouse clicks away. With Checkmarx’s Open Source Analysis, there is no need for additional installations or multiple management interfaces. Simply turn it on and within minutes a detailed report is generated with clear results and detailed mitigation instructions. Analysis results are designed with the developer in mind.
No time is wasted on trying to understand the required action items to mitigate the detected security or compliance risk.