Key Features

 

Stat! Key Features – Focuses on management of vulnerabilities found through static code analysis

  • Contains over 1,500 configurable security/quality rules covering multiple programming languages – see a list of programming languages that Code Dx supports.
  • Automatically configures and runs many bundled static source code analysis tools – see a list of open source SAST tools that Code Dx supports.
  • Checks third-party software component libraries for known vulnerabilities.
  • Maps results to the Common Weakness Enumeration (CWE) and industry standards – see a list of the industry standards that Code Dx supports.
  • Combines and normalizes the output of multiple SAST tools into a single consolidated set of results on a common severity scale.
  • Merges duplicate results with customizable correlation logic.
  • Visual analytics for triage and prioritization of software weaknesses
  • Robust data filtering supports detailed drill-down and organization of weaknesses
  • Links correlated weaknesses to specific lines of source code
  • Search filter capability enables in-depth exploration of results
  • Browser-based user interface used to assign, collaborate, and track weakness remediation
  • Generates customizable CSV, XML and PDF assessment reports as well as AlienVault/NBE and Nessus reports – download a sample Code Dx report of our WebGoat Vulnerability Report.
  • Plug-ins provide support for popular Integrated Development Environments (Eclipse/Visual Studio), continuous integration environments (Jenkins) and security tools (Burp Suite/OWASP ZAP)
  • REST API enables integration with automated build servers
  • Integrates with the popular JIRA Issue Tracking tool and provides support for custom JIRA fields
  • Integrates with the Git Version Control System
  • Supports XML input for integration with custom or proprietary analysis tools

Code Dx Enterprise Key Features – Extends software vulnerability management to include results of hybrid application security testing techniques: static, dynamic and manual analyses

  • Includes all of the features in Stat!
  • Enables manual entry of independently identified weaknesses, for example, from manual code reviews
  • Integrates the results from multiple commercial static source code analysis testing tools – see a list of commercial SAST tools that Code Dx supports.
  • Provides support for several dynamic application security testing tools – see a list of open source and commercial DAST tools that Code Dx supports.
  • Combines and normalizes the output of SAST and Dynamic Application Security Testing (DAST) tools, third-party vulnerabilities and manual findings into a consolidated set of results on a common severity scale
  • New Tool Connectors allow configuration and integration with third-party analysis tools (such as WhiteHat Sentinel and Checkmarx CxSAST), providing automatic incorporation of tool results into the Code Dx Enterprise analysis result set
