Sr Manager consultant - Digital assurance Services at ADROSONIC
Consultant
Top 20
2024-03-05T08:56:24Z
Mar 5, 2024
Checkmarx Software Composition Analysis is a good tool I have used in multiple projects, especially in banking and insurance domains. It is a good tool for static code review and SAST analysis. I want to understand the cost of the other tools in the market compared to Checkmarx Software Composition Analysis because our company needs to make recommendations to our customers. Considering the budget of our company's customers, we need to make recommendations to them. My company uses the tool to support banking applications by indulging in static code analysis.
VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees
Real User
Top 20
2023-09-01T14:17:09Z
Sep 1, 2023
We use SCA for security scanning and routing. The replica is really good. It's supposed to measure vulnerabilities. We use SCA to scan our code for vulnerabilities on a regular basis. Every new release is assessed for vulnerabilities using Checkmarx's SCA tool.
My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because It checks the integrity of the library and not just the hash, checksum, or version.
Basically, I review the code of the developer and find the vulnerability in that, and then I get back to the developer to resolve and remediate the vulnerability on the dashboard. We also review the source code of the developer just as if some developer cracked the code for the kind of product development or production phase, or initial phase. We then review Checkmarx with the support of the developer and get it corrected right away at that time.
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities. Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.
We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.
Checkmarx Software Composition Analysis (SCA) helps organizations manage the risks associated with open source and third-party components in their software applications. While leveraging open source libraries and third-party dependencies is common practice, it can also introduce security vulnerabilities and license risks.
Checkmarx SCA offers a multifaceted approach to managing these risks by:
Automatically scanning project repositories, build configurations, and manifests to create a...
We have the tool integrated into our CI/CD pipeline.
Checkmarx Software Composition Analysis is a good tool I have used in multiple projects, especially in banking and insurance domains. It is a good tool for static code review and SAST analysis. I want to understand the cost of the other tools in the market compared to Checkmarx Software Composition Analysis because our company needs to make recommendations to our customers. Considering the budget of our company's customers, we need to make recommendations to them. My company uses the tool to support banking applications by indulging in static code analysis.
I use it to check software library versions for potential vulnerabilities.
We use SCA for security scanning and routing. The replica is really good. It's supposed to measure vulnerabilities. We use SCA to scan our code for vulnerabilities on a regular basis. Every new release is assessed for vulnerabilities using Checkmarx's SCA tool.
My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because It checks the integrity of the library and not just the hash, checksum, or version.
Basically, I review the code of the developer and find the vulnerability in that, and then I get back to the developer to resolve and remediate the vulnerability on the dashboard. We also review the source code of the developer just as if some developer cracked the code for the kind of product development or production phase, or initial phase. We then review Checkmarx with the support of the developer and get it corrected right away at that time.
The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities. Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.
Checkmarx Software Composition Analysis is used for detecting vulnerabilities in the open source software component of a project.
We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.
We use it for scanning .NET and Java applications. We are using its latest version.
We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.