We use SCA for security scanning and routing. The replica is really good. It's supposed to measure vulnerabilities.
We use SCA to scan our code for vulnerabilities on a regular basis. Every new release is assessed for vulnerabilities using Checkmarx's SCA tool.
It has helped us identify and fix security vulnerabilities in our code. For example, we were able to fix a SQL injection vulnerability that could have been exploited by attackers.
In my experience, a valuable feature is configurability. Moreover, it is easy to understand security results and to scan for vulnerabilities, and also we can access databases to load our information for presentation purposes. So, basically, database configuration on the back end. We use in-house installation.
To make the list of the vulnerabilities more clear and exposed to the users in order to see. Sometimes, we see issues high-level issues vulnerabilities that are not really issues, the interpretation of scanning. Meaning, like, outside, it's not really the issue. But it surfaces as an issue, so we probably may have a database of the errors of the vulnerabilities to expose and maybe even provide some feedback on how valuable the vulnerability is. I'm doing that. So, basically, one area that could be improved is the way that false positives are handled.
In future releases, if we could create a clear RESTful API to just extract the scanning data on user-added applications and presentations.
We've been using Checkmarx for two years in our organization.
I would rate the stability an eight out of ten.
I would rate the scalability a seven out of ten.
The customer service and support were good.
The setup was not difficult with the help of the technical support. They were very helpful.
Overall, I would rate the solution an eight out of ten.
