Checkmarx Software Exposure Platform
The Checkmarx Software Exposure Platform aligns Software Security with DevOps culture, detecting, intelligently prioritizing, and remediating exposure across the software development lifecycle (SDLC) from the coding stage through the runtime application testing stage.
Features
- Static Application Security Testing - CxSAST
- Interactive Security Testing - CxIAST
- Open Source Analysis Security Testing - CxOSA
- Just-in-time Security Vulnerability training - CxCodebashing
- Management and Orchestration Layer
Benefits
- Automatically scan uncompiled code
- Identify hundreds of security vulnerabilities
- Compatible with the most prevalent coding languages
- Enforces open source analysis as part of the SDLC
- Ensures that vulnerable open source components are removed or replaced
- Detects vulnerabilities in running applications under test
- Built for DevOps, it seamlessly integrates into your CI/CD pipeline
- Software Security training platform that sharpens the skills developers need
- Easily track, manage and remediate security risks at scale
Pricing
£91,500 an instance
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at licensing_uk@eficode.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
194828697571078
Contact
EFICODE UK LIMITED
Jon Olsen
Telephone: +44 (0) 845 459 9530
Email: licensing_uk@eficode.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
  - Public cloud
  - Private cloud
- Service constraints
- No
- System requirements
- Web application - users access via web browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24 hours, 7 days a week
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
  - Online help desk
  - Phone technical support
  - Remote technical diagnosis
  - On-site support
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- User documentation is provided and included. Onsite training is provided at request and subject to additional charge.
- Service documentation
- Yes
- Documentation formats
  - HTML
- End-of-contract data extraction
- XML export
- End-of-contract process
- Users no longer have access to service.
Using the service
- Web browser interface
- Yes
- Supported browsers
  - Internet Explorer 7
  - Internet Explorer 8
  - Internet Explorer 9
  - Internet Explorer 10
  - Internet Explorer 11
  - Microsoft Edge
  - Firefox
  - Chrome
  - Safari 9+
  - Opera
- Application to install
- Yes
- Compatible operating systems
  - Linux or Unix
  - MacOS
  - Windows
  - Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile devices are only supported on the Mobile views.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- CxSAST includes a REST-based CxSAST API that supports the latest version of the REST protocol. The CxSAST (REST) API provides the ability to manage all CxSAST-related tasks. The following data can be consumed through the CxSAST (REST) API: login, projects, scans, scan results, scan reports, engines, user management, data retention and Open Source Analysis. For more information about the CxSAST (REST) API, refer to the CxSAST (REST) API Summary.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- Each deployment sized in accordance with requirements.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Atlassian
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
  - United Kingdom
  - European Economic Area (EEA)
  - EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- Never
- Protecting data at rest
- Other
- Other data at rest protection approach
- Dependent on security requirements
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Out of the box Admin feature.
- Data export formats
  - CSV
  - ODF
  - Other
- Other data export formats
- XML
- Data import formats
  - CSV
  - Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
  - Private network or public sector network
  - Other
- Other protection between networks
- Varies depending on customer requirements
- Data protection within supplier network
- Other
- Other protection within supplier network
- Varies depending on customer requirements
Availability and resilience
- Guaranteed availability
- Varies with deployment type and customer requirements.
- Approach to resilience
- Available on request
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Variety of options available dependent on requirements.
- Access restriction testing frequency
- Never
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Available on request
- Information security policies and processes
- N/A
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Dependent on customer SLA
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- Varies with deployment type and customer requirements.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Varies with deployment type and customer circumstances.
- Incident management type
- Undisclosed
- Incident management approach
- Varies with deployment type and customer circumstances.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £91,500 an instance
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A limited one week trial available on a shared public cloud. Access available on request.