Product Overview

Code Dx Enterprise

What is Code Dx Enterprise?

Code Dx Enterprise is an application security correlation and management system that automates the time-consuming, expensive, labor-intensive process of combining the findings of different AppSec tools, including those that use different techniques, into a single, consolidated set of results. It also provides a centralized interface to prioritize and manage vulnerability remediation.

Power up your application security program

Combine the power of the tools you already trust to get a clear picture of your application’s security.

Building and maintaining an effective application security program takes a lot of time and money (although not as much as recovering from an attack). You invest in a variety of testing tools and equipment, and the actual work of securing an application can take a lot of hard-to-find people. It’s a never-ending battle: the more resources you can commit, the more secure your application will be.

Code Dx Enterprise is designed specifically to make your application security program run faster and more accurately, while reducing time spent and labor costs. It combines and correlates the results from all of your AppSec scanning tools—static and dynamic, commercial and open-source—from a single console, to manage your vulnerabilities more effectively. It integrates with your software development and issue management tools, making your application security program integral to your software development lifecycle, so you can manage and track remediation efforts. Your developers become part of your security process, and your security analysts part of your software development process.

Code Dx Enterprise makes your tools work together to deliver more accurate and actionable results, and your teams work better for more efficient remediation. You can achieve the same level of security with fewer resources, or you can do more with the resources you have. Code Dx Enterprise is a force multiplier for your application security program.

Get started, Stat!

Don’t have an AppSec program yet?

Stat! lets you use multiple static analysis tools all from one simple interface.

Application security can be overwhelming, and many organizations find themselves unsure about where they should start. We all know that a proper, complete application security program should encompass many different AppSec tools and techniques, including manual reviews, under an overall secure software development process. You know that’s necessary, but maybe you just don’t have the resources yet. Maybe you aren’t doing anything yet, but you need to start somewhere. But getting an AppSec program off the ground is tough. To get you started, we’ve created Code Dx Stat!

Stat! gives you one of the core features of the Code Dx Enterprise platform—its bundle of open-source static analysis tools—in an easy-to-use interface. It merges the results from all those different tools into a single, coherent set—so it all makes sense—and lets you analyze, prioritize, assign for remediation, and track progress. Stat! automatically configures and runs the right tools for your application’s programming languages, so you don’t have to waste valuable time tracking down the ones that will work for you. Stat! will even check the known vulnerability status of third-party libraries in your code base. In short, we provide everything you need to get started with a static analysis security program to clean up and secure your source code.

And when you’re ready to build out a complete application security program, an upgrade to Code Dx Enterprise will be a natural step forward for you.

Code Pulse

See your scans, live

Dynamic application security testing (DAST) tools are a powerful way to secure your application, but it’s not always easy to tell if you’ve exercised all of the possible code paths, so you don’t know when you’re finished. Code Dx has created a free, open-source tool that shows a live map of your application’s code and how it’s covered as your dynamic tests are running. See in real time how well your tools are performing, and what they’re missing.