Now available for use with Checkmarx’s software composition analysis (SCA), the solution restores confidence in modern application development while enabling developers to embrace open source code.
RAMAT GAN, Israel Y ATLANTA, March 22, 2022 /PRNewswire/ — checkmarxthe global leader in developer-focused Application Security Testing (AST) solutions, today announced the launch of the Checkmarx Supply Chain Security solution for identifying suspicious and potentially malicious open source packages throughout the modern application development lifecycle.
According Gartner®i“By 2025, 60% of organizations will strengthen their software delivery channels to protect against supply chain security attacks.”
“Attackers are shifting their attention to the software supply chain by abusing open source software ecosystems, which have traditionally been trusted by the global developer community,” said Checkmarx CEO. Emmanuel Benzaquen. “Checkmarx is bringing a developer-centric approach to detecting supply chain attacks in packets of code, leveraging a comprehensive suite of threat intelligence, behavioral intelligence, and machine learning models.”
Supply Chain Security Research and Thought Leadership
Over the past few months, the Checkmarx security research team has identified hundreds of open source malicious packages. Research articles that highlight three main types: dependency confusion, typosquatting Y chain theft – are available in the Blog. An additional report is available that highlights three emerging trends in open source malicious packages. here.
Working in concert with Checkmarx software composition analysis (ACS), Checkmarx Supply Chain Security it identifies anomalies in the state and security of open source projects, analyzes the reputation of contributors, and also directly interrogates the behavior of packages through analysis inside a detonation chamber. The result is a full-spectrum software supply chain view and analysis that closes a significant gap in organizations’ application security.
“Current solutions on the market are reactive in the sense that they rely on community feedback to detect vulnerable code and analyze the code, but not the person behind it,” said Tzachi Zorenstain, head of network security. Checkmarx supply. “Checkmarx’s supply chain security solution is based on the ‘no code from strangers’ principle and instead references our reputation database, which is like a credit scoring system for a code contributor. Our goal is to help businesses with rapid application development while maintaining the trust of their customers.”
Comprehensive supply chain security for modern application development
Checkmarx Supply Chain Security enables organizations to accelerate modern application development using open source software securely through a comprehensive set of critical capabilities:
- Health and Wellness and Bill of Materials (SBOM) Software: Provides knowledge of the open source package and community, combined with the creation of SBOM.
- Malicious packet detection: Detects dependency confusion, typosquatting, chainjacking and other malicious activities and packages.
- Partner Reputation: Restores confidence in the provenance of open source packages by eliminating the need to manually analyze contributor activity across projects that could impact an organization.
- Behavior analysis: It incorporates static and dynamic analysis to observe how the code is executed. Checkmarx’s supply chain security detonation camera provides deep analysis of code packets and removes ambiguity to defend against stealthy threats.
- Continuous processing of results: Provides constant updates on Checkmarx’s security research and threat hunting, maintaining a reputation and vulnerability database for customer use.
Checkmarx Supply Chain Security is now available. For more information, visit this page.
i Gartner predicts 2022: Modernizing software development is key to digital transformation, by Manjunath Bhat, brand horvath et al., December 3, 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.
checkmarx is constantly pushing the boundaries of application security testing to make security seamless and simple for developers everywhere, while giving CISOs the confidence and control they need. As the leader in AppSec testing, we provide the most comprehensive solutions in the industry, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software, including proprietary code, open source, APIs and infrastructure as code. More than 1,600 customers, including nearly half of the Fortune 50, rely on our security technology, expert research, and global services to securely optimize development at speed and scale. For more information visit Checkmarx websitereview the Blog or follow the company on LinkedIn.