The Beehive, City Place, Gatwick, RH6 0PA, United Kingdom
+44 (0)20 801 74646

CodeDx

Correlate and triage vulnerabilities in an app sec system of record

Every organisation knows that it should be testing the security of its applications in-house. But the reality is that the frantic pace of software development doesn’t always leave enough time. Even if there is time, it may only be enough to run a single tool, or a single type of tool, which does little to actually secure your application.

The truth of application security is that one tool won’t cover the whole thing. Static application security testing (SAST) tools, for example, scan your app’s source code for known vulnerabilities, but each one is better (or worse) at finding certain kinds of weaknesses. To make sure you don’t miss a thing, you really need to use multiple tools. That creates a whole new problem, however: you now have a stack of scan results from different tools, each in its own data silo, representing thousands of vulnerabilities. This is what makes testing so time-consuming: figuring out which flags are real, and weeding out duplicate results. This typically results in an unlucky security specialist (or, more likely, several security specialists) manually reviewing each issue, correlating it with findings from the other tools and techniques, and confirming whether or not it is important enough to bring to the DevOps team.

Code Dx Enterprise takes the results of all of your scans, processes them, and gives you a short list with no duplicates. It even points out which vulnerabilities were found by more than one tool, and provides an easy interface to prioritise each one based on severity. This can cut your testing time down, and get your application secured without falling behind schedule.
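To make the correlation step concrete, here is an added illustration (not Code Dx code) of what such a system of record does under the hood: two constructed scanner outputs with different schemas are normalised to a common (CWE, file, line) key, duplicates are merged, findings reported by more than one tool are flagged, and the list is ordered by tool agreement and severity. The tool names, keys and severity scales are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample output from two hypothetical tools with different schemas.
TOOL_A = [  # tool A: numeric CWE id, path/line, textual severity
    {"cwe": 89, "path": "src/Login.java", "line": 42, "severity": "high"},
    {"cwe": 79, "path": "src/Profile.java", "line": 17, "severity": "medium"},
]
TOOL_B = [  # tool B: "CWE-nn" string, different keys, 0-10 numeric score
    {"weakness": "CWE-89", "file": "src/Login.java", "lineno": 42, "score": 9.1},
    {"weakness": "CWE-22", "file": "src/Files.java", "lineno": 8, "score": 6.5},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

def normalise_a(f):
    """Map a tool A record onto the common schema."""
    return {"cwe": f["cwe"], "path": f["path"], "line": f["line"],
            "rank": SEVERITY_RANK[f["severity"]], "tool": "toolA"}

def normalise_b(f):
    """Map a tool B record onto the common schema (score -> low/medium/high)."""
    rank = 3 if f["score"] >= 7 else 2 if f["score"] >= 4 else 1
    return {"cwe": int(f["weakness"].split("-")[1]), "path": f["file"],
            "line": f["lineno"], "rank": rank, "tool": "toolB"}

def correlate(findings):
    """Group normalised findings by (CWE, file, line) so each location appears once."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["cwe"], f["path"], f["line"])].append(f)
    merged = []
    for (cwe, path, line), fs in groups.items():
        merged.append({
            "cwe": cwe, "path": path, "line": line,
            "tools": sorted({f["tool"] for f in fs}),   # who reported it
            "rank": max(f["rank"] for f in fs),          # most severe rating wins
        })
    # Findings confirmed by several tools first, then by severity, then by location.
    merged.sort(key=lambda m: (-len(m["tools"]), -m["rank"], m["path"], m["line"]))
    return merged

def triage(tool_a=TOOL_A, tool_b=TOOL_B):
    """Normalise both tools' output and return the deduplicated, prioritised list."""
    return correlate([normalise_a(f) for f in tool_a] + [normalise_b(f) for f in tool_b])

if __name__ == "__main__":
    for m in triage():
        print(f"CWE-{m['cwe']:<3} {m['path']}:{m['line']} rank={m['rank']} tools={','.join(m['tools'])}")
```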

Key Benefits

You get more effective software testing when you combine multiple tools and techniques with Code Dx Enterprise:

  • Better vulnerability coverage
  • Fewer false positives
  • No duplicate results

Code Dx Enterprise saves you time and resources:

  • Automate the tedious and lengthy process of combining multiple outputs
  • Automate the expensive, labor-intensive task of correlating the results until you’re left with actionable data
  • Automatically select and run a collection of open-source SAST tools and third-party library analysers against your code

Key Features

  • Automatically combines and correlates the output from multiple tools and manual findings into a single set of results
  • Supports commercial SAST, DAST, and IAST tools
  • Includes bundled SAST tools to get you started
  • Checks your codebase against regulations such as HIPAA
  • Manages remediation with tools to assign and track vulnerability fixes
  • Integrates with the JIRA issue tracking tool
  • Integrates with popular development environments (like Eclipse) so developers can more easily fix the reported vulnerabilities
  • Embeds in continuous integration environments to streamline your process
  • Integrates with other build servers with its REST API
  • Supports XML input for integration with custom or proprietary analysis tools
  • Provides results in SIEM format for analysis by your network security team
  • Generates reports in a variety of formats
  • Checks your third-party components for vulnerabilities with Software Composition Analysis tool support
  • Maps vulnerabilities to the Common Weakness Enumeration