Checkmarx Named A Strong Performer In Software Composition Analysis By Leading Analyst Firm
Checkmarx, the global leader in developer-centric application security testing (AST) solutions, announced that it has been positioned as a Strong Performer in The Forrester Wave™: Software Composition Analysis, Q3 2021. Based on Forrester’s analysis of the 10 most significant SCA solution providers, Checkmarx received the highest possible scores in the criteria of market approach, open source vulnerability detection, actionable remediation, and infrastructure-as-code scanning. Notably, this comes on the heels of the company being named a Leader in The Forrester Wave™: Static Application Security Testing, Q1 2021.
Recommended AI News: Top 10 Martech Platforms Every Marketing Team Love Having In Their Stack
According to Forrester, “open source use has exploded, with the average percentage of open source in audited code bases increasing from 36% in 2015 to 75% in 2020. Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don’t conform to company policies. In addition, recent incidents like the SolarWinds breach demonstrate the risks of malicious libraries in software and the need for greater transparency in the software supply chain.”1
Since launching CxSCA in June 2020, Checkmarx has elevated the standard for open source security. Leveraging source-level insight from its industry-leading SAST solution, CxSCA empowers security teams to easily identify vulnerabilities within open source software that present the greatest risk and enables developers to focus and prioritize remediation efforts accordingly. Additionally, with its recent acquisition of Dustico, Checkmarx is giving development teams deeper visibility into open source and supply chain risk by combining its AST capabilities with Dustico’s behavioral analysis technology to evaluate the trustworthiness, health, and potentially malicious behavior of open source packages.
“Today’s organizations are laser-focused on protecting themselves from a shifting threat landscape as they build innovative software and deliver unique digital experiences. We’re committed to investing in new capabilities to support these efforts and enable businesses to address emerging risks,” said Emmanuel Benzaquen, CEO, Checkmarx. “It’s clear that our ability to meet customers at any stage of their DevSecOps journeys with best-of-breed AST solutions is resonating. With the addition of Dustico’s leading open source analysis technologies, Checkmarx is better positioned to execute on this mission and empower organizations to build secure applications.”
In addition to CxSCA, Checkmarx offers static and interactive code analysis (CxSAST and CxIAST), developer AppSec training (CxCodebashing), and infrastructure-as-code scanning (KICS). Together, these comprise the industry’s most comprehensive AST platform for development teams to gain visibility into, and secure, all components of software including proprietary code, open source, and IaC from a single solution.