
Static Application Security Testing

Checkmarx Static Application Security Testing

Uploaded by

Havoc2003

The world runs on code. We secure it.

SAST

Checkmarx Static Application Security Testing
Software Security is Now a Boardroom Issue

Today’s software-driven organizations thrive on developing, delivering, and deploying their own innovative applications to enhance their business offerings and better serve their customers.

However, in an increasingly complex world, securing the lines of code that make up these custom applications can be as challenging as it is important. As a result, some organizations are still either releasing code to production containing known organic vulnerabilities or waiting until they are ready to deploy to address security-related coding errors. A few years ago, this situation was less than ideal. Today, it’s no longer a viable option.

Organizations need a way to embed static application security testing (SAST) into their dev pipelines as seamlessly as possible, allowing their developers to scan their code earlier, more often, and more accurately. SAST integration and automation into existing dev tooling is imperative since it improves application security and reduces testing delays. In modern application development, with already accelerated development pipelines, it’s crucial to remove anything slowing or stopping development teams from meeting their deadlines. Now, vulnerability detection and remediation “during” software development are must-haves.

As organizations adopt modern application development approaches like cloud native and DevOps, to ensure ever-more aggressive release cycles, security needs to be inseparable from software development, and a state of the art SAST solution becomes a fundamental AppSec requirement.

Checkmarx SAST - Unique Values:

> Advanced Automation: Tightly integrates with common development and application release orchestration tools such as IDEs, build automation tools, source code management tools, and bug tracking systems to streamline scans and automatically enforce security policies.
> Find Vulnerabilities Sooner: Checkmarx SAST scans at the source code level and does not require a complete build. There are no dependency configurations and no learning curve when switching languages.
> Accelerate Time to Remediation: Allows developers to fix multiple vulnerabilities at a single point in the code using our unique “Best Fix Location” remediation guidance.
> Better Together: Our SAST is at the heart of Checkmarx comprehensive suite of application security testing solutions. Cross-product synergies and integrations enable greater coverage, better results, and more intelligent prioritization and remediation.
> The Right Choice for Agile and DevOps Teams: Unique incremental scanning capability analyzes only modified or newly introduced lines of code, reducing scan times by up to 80%, and integrating with CI servers to fully automate security testing.
> Integrates with Your Workflow: Checkmarx SAST enables automated scanning earlier in the code management process by integrating directly into source code management (SCM) systems and CI/CD tools, providing end-to-end automation from scanning to ticketing.
> Complete Understanding of Identified Vulnerabilities: With Checkmarx SAST, you can view the reasoning and proof of all scan results to understand the root cause of vulnerabilities. You aren’t limited to the rules everyone else uses. Checkmarx Open Query language gives organizations complete control of the intellectual research behind our SAST.

SOLUTION BRIEF | SAST - CHECKMARX STATIC APPLICATION SECURITY TESTING | 1



To meet this pressing need, Checkmarx developed and delivers the most innovative SAST solution on the market, deployed by some of the largest organizations in the world. Our SAST is an enterprise-grade application security testing solution that provides high-speed, fully-automated, flexible, and accurate static code analysis to identify coding errors that could lead to security vulnerabilities in custom code.

With the flexibility to run full and incremental scans whenever they’re needed, Checkmarx SAST provides comprehensive vulnerability reports that are highly accurate and prioritized according to their severity, giving developers guidance on what they need to remediate first. Our SAST supports a full list of coding and scripting languages and frameworks. Built by developers for developers, Checkmarx SAST has dramatically improved the security of software applications worldwide.

Checkmarx SAST also fully integrates with Checkmarx SCA to provide extensive security coverage for both custom and open source code.

Supporting Coding Languages

Comply with Regulatory Standards

Standards and regulatory requirements such as PCI-DSS, HIPAA, FISMA, and others require organizations to test their code for common risks and potential vulnerabilities like those found in the OWASP Top 10 and the SANS Top 25. Checkmarx SAST detects these issues and more. Plus, with our unique query language and adjustable queries, you can easily create your own security policy consisting of the vulnerabilities and software risks that are most important to your industry and organization.

Supported Standards

Flexible Deployment Options


Checkmarx SAST is available as a standalone product
and can be effectively integrated throughout the SDLC
to streamline vulnerability detection and remediation.
Our SAST can be deployed on-premises, in the cloud, or
in hybrid environments.

© 2022 Checkmarx Ltd. All rights reserved. Checkmarx is a registered trademark of Checkmarx Ltd. All other marks and trade
names mentioned herein belong to their respective owners. Checkmarx reserves the right to modify, transfer, or otherwise revise this
publication at its sole discretion and without notice.
