Sunday, 2 December 2012

Would I recommend Checkmarx as a SAST engine?

I was asked this question twice in the last couple days, and my answer is YES!

Although Checkmarx is still not as open and easy to engage as I would like them to be, they are actually one of the best ones out there.

And there is one asset that the Checkmarx SAST engine has that is REALLY GOOOOOOODDDDDDD!!!!

Their rules are written in C#, and if you (like me) like to write custom rules, they have a nice REPL interface that can be used by power users (with access to a lot of the metadata and code transformations created during the analysis phase).

I'm currently integrating TeamMentor with Checkmarx (for a joint customer) and I really like it. You can see our latest PoC at, which includes a view that shows a mapping between:

  • a security finding
  • its CWE description
  • the TeamMentor landing page (for that finding)
  • the C# Checkmarx rule that triggered that finding

There are a number of posts in this blog about Checkmarx, namely the PoC of integrating TeamMentor with Checkmarx (with videos) and the Checkmarx database export, VistaDB in O2, Opening up Checkmark's rules, and more.... (with a bunch of ideas on what could happen next)

Note: If you are looking at SAST products, here are the other main players:
Note 2: Veracode is currently publishing the Gartner SAST Magic Quadrant, which is a good read.


Kayal m said...

Thanks for sharing an excellent post, which helped me. Surely I will suggest this blog to my friends, and I got extra knowledge from your post. Keep it up, and I would like more new posts...

emilyjoseph said...

I would definitely thank the admin of this blog for sharing this information with us. Waiting for more updates from this blog admin.

Sivanandhana Girish said...

This was excellent info being posted. This would definitely help the needed ones to a greater extent.


hari said...

great blog

lekha mathan said...

This is really a valuable post... The info shared is helpful and valuable. Thank you for sharing.

janakikrishnan said...

Looking cool and got valuable pieces of information.

janakikrishnan said...

Blog taught the things that freshers need to know. Thank you and keep going.


Unknown said...

Hi,this is Very Nice information Regarding your Software Company and Beautiful Blog Also. So Np compete Also one of the Ios, Android, Java, Devops, UX, Ui, Chat Bot, Company in Chennai
If you want any job Regarding above Positions,, Please give to Your Queries and send your Resume Back to this mail:

Soulblu said...

Wonderful article… Thanks for sharing such useful article