CxSAST Overview

For the most current information about CxSAST v9.4.0, see /wiki/spaces/SAST/pages/3206351713

Checkmarx CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problems.

Without needing to build or compile a software project's source code, CxSAST builds a logical graph of the code's elements and flows and then queries this internal code graph. CxSAST ships with hundreds of preconfigured queries for known security vulnerabilities in each supported programming language. Using the CxSAST Auditor tool, you can write your own additional queries for security, QA, and business logic purposes.
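As an added illustration of what a custom Auditor query looks like (this is not code from this page or from Checkmarx's shipped query set), the following CxQL query treats a hypothetical in-house method named runReport as a sink and reports interactive inputs that reach any of its arguments without passing through a known sanitizer. The method name, and the assumption that it hands its string argument to a query engine, are made up for the example; the CxQL calls themselves (Find_Interactive_Inputs, Find_Sanitize, FindByType, FindByShortName, GetParameters, InfluencingOnAndNotSanitized) are standard CxQL.

```csharp
// Added example, not from the page: a custom CxQL query for the Auditor.
// Assumption for the example: an in-house method "runReport" passes its
// string argument to a query engine, so it should be treated as a sink.

// Sources: everything CxSAST already recognises as user-controlled input
// (HTTP parameters, form fields, etc.) for the scanned language.
CxList inputs = Find_Interactive_Inputs();

// Sanitizers: the framework-specific sanitizing calls CxSAST already knows.
CxList sanitizers = Find_Sanitize();

// Sink: every invocation of the hypothetical runReport method.
// Narrow by FindByName("SomeClass.runReport") if the short name collides.
CxList sinkCalls = All.FindByType(typeof(MethodInvokeExpr))
                      .FindByShortName("runReport");

// The actual sink nodes are the arguments passed to those invocations.
CxList sinkArgs = All.GetParameters(sinkCalls);

// Report each source that influences a sink argument along a data-flow
// path that does not pass through a sanitizer. The returned flows become
// the result instances shown in the scan results.
result = inputs.InfluencingOnAndNotSanitized(sinkArgs, sanitizers);
```

Because the query matches on the data-flow graph rather than on text, a result is produced only when an input actually reaches the argument, so renaming variables or splitting the call across methods does not hide it. The flip side is the usual tuning work: if runReport has an overload that is safe, or the team has its own escaping helper, add that helper to the sanitizer list (for example by appending `All.FindByType(typeof(MethodInvokeExpr)).FindByShortName("escapeForReport")`) rather than marking each result as a false positive by hand.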

CxSAST provides scan results either as static reports or in an interactive interface that traces each vulnerability's data flow through the code and provides tools and guidelines for remediation. Results can be triaged to eliminate false positives, and various types of workflow metadata can be added to each result instance. This metadata is maintained through subsequent scans, as long as the instance continues to be found.

The input to CxSAST's scanning and analysis is the source code, not binaries, so no building or compiling is required, and no libraries need to be available. The code doesn't even need to be able to compile and link properly. Consequently, CxSAST can run scans and generate security reports at any given point in a software project's development life cycle.

CxSAST supports Open Source Analysis (CxOSA), enabling licensing and compliance management, vulnerability alerts, policy enforcement, and reporting. CxOSA supports all the most common programming languages, enabling organizations to secure their open source components in addition to their in-house developed code (see /wiki/spaces/CCOD/pages/853803100).

You can integrate CxSAST into several aspects of your development cycle, such as with software build automation tools (Apache Ant and /wiki/spaces/SD/pages/6124537637), software development version control systems (GIT), issue tracking and project management software (JIRA), repository hosting services (GitHub), application vulnerability management platforms (ThreadFix), continuous integration platforms (Bamboo and Jenkins), continuous code quality inspection platforms (SonarQube) and source code management tools (TFS).

CxSAST scans can be manually activated, periodically scheduled, or initiated upon build by one of our integrated build systems.

CxSAST also supports a wide range of OS platforms, programming languages and frameworks.

CxSAST is deployed on a server and accessed by users via our web interface or one of our IDE plugins (Eclipse, Visual Studio and IntelliJ).

Please contact support with any issues, questions or comments.
