<< Back to Partners


Checkmarx CxSAST is a highly accurate and flexible Source Code Analysis product that allows organizations to automatically scan un-compiled/un-built code and identify hundreds of security vulnerabilities in the most prevalent coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Fluent in all major languages

  • Checkmarx Static Code Analysis supports 20 coding and scripting languages and their frameworks
  • Coverage for the latest development technologies 
  • Zero configuration to scan any language 
  • Read more about CxSAST supported languages 

Comprehensive vulnerability coverage

  • Identifies hundreds of known code vulnerabilities 
  • Ensures coverage of security standards (OWASP Top 10, SANS 25 and more) 
  • Addresses industry compliance regulations 
  • Read more about Vulnerability Coverage

Save precious remediation time

  • Unique "Best Fix Location" algorithm of CxSAST static code analysis fixes multiple vulnerabilities at a single point 
  • Any developer can do it 
  • Tons of time saved for developers!

Effortless scan = ease of use

  • No complex command-line or wizards required 
  • No dependencies need to be configured 
  • No learning curve when switching between languages 
  • Just throw code at it!

Fast feedback loop

  • Incremental scan capability only analyzes new code or modified code 
  • Static code analyzer reduces scanning time by more than 80% 
  • Ideal for continuous integration

Provable Results

  • Provides reasoning and proof with all results
  • Shows the underlying Scan Rule to provide root cause
  • Enabled by Checkmarx Open Scan Engine

Flexible rules = high accuracy

  • Adapt the rule set to your proprietary code and minimize False Positives 
  • Expand the rules to your own compliance requirements and coding best practices 
  • Understand the root cause for each result

Automatically enforce your security policy

  • Checkmarx Static Code Analysis software seamlessly inegrates with all IDEs, build management servers, bug tracking tools and source repositories
  • Become an integral part of the SDLC
  • Aligns security testing with quality testing

No developer downtime

  • Scan on server instead of developer's workstation  
  • No slowdown or lockup while scans are running 
  • Developers can continue working on their machines with no interruption

Open source analysis

  • Inventory: which open source components are used? 
  • Security: which known open source vulnerabilities exist and how to fix them 
  • Legal: ensure open-source license usage compliance

Get More Info