Checkmarx Software Composition Analysis Reviews

We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application.

Checkmarx Software Composition Analysis provides identification of libraries and suggestions for version upgrades. It has improved identification capabilities, scalability, and integration with AI, such as the AI-powered suggestions.

We use SCA for security scanning and routing. The replica is really good. It's supposed to measure vulnerabilities.

We use SCA to scan our code for vulnerabilities on a regular basis. Every new release is assessed for vulnerabilities using Checkmarx's SCA tool.

It has helped us identify and fix security vulnerabilities in our code. For example, we were able to fix a SQL injection vulnerability that could have been exploited by attackers.

Checkmarx Software Composition Analysis is a good tool I have used in multiple projects, especially in banking and insurance domains. It is a good tool for static code review and SAST analysis. I want to understand the cost of the other tools in the market compared to Checkmarx Software Composition Analysis because our company needs to make recommendations to our customers. Considering the budget of our company's customers, we need to make recommendations to them.

My company uses the tool to support banking applications by indulging in static code analysis.

The most valuable feature of the solution stems from the rules it offers. I also like the coverage it provides while having to deal with fewer false positives.

We have the tool integrated into our CI/CD pipeline. 

The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability.

The tool's most valuable feature is visibility. Not only does it identify vulnerabilities and their severity, but it also provides solutions for fixing them.

The solution's remediation recommendations have been very beneficial in our development process. They provide better visibility into the types of vulnerabilities that can be fixed and offer guidance on addressing them.

We use Checkmarx Software Composition Analysis for scanning software for security vulnerabilities.

The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan.

I use it to check software library versions for potential vulnerabilities.

I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues.       

Basically, I review the code of the developer and find the vulnerability in that, and then I get back to the developer to resolve and remediate the vulnerability on the dashboard. We also review the source code of the developer just as if some developer cracked the code for the kind of product development or production phase, or initial phase. We then review Checkmarx with the support of the developer and get it corrected right away at that time.

The integration part is easy. It will also be compatible with a developer because a lot of tools are needed to write code, just like in Java. And then, users have the Eclipse software tool that writes code in Java, while Checkmarx also supports integration with Eclipse. So it becomes much easier for developers to find the vulnerabilities and see if they are correct or if they need to be correct. Checkmarx will highlight those lines and words which will be vulnerable on that code. They will highlight, and they will prompt, but we have to correct it.

The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities.

Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.

The most valuable feature is that it can ensure the security of the software when downloading open-source components from the internet. It is the first and foremost benefit. Secondly, even though these components may be shared or free, there can still be license issues, and young developers may not pay attention to this aspect, which can be very dangerous and lead to serious penalties in the future.