For embedded system software development

Integrated Solutions

From project management to design and verification for international standards compliance

Source-code-based application security vulnerability detection solution

Checkmarx

A SAST solution that quickly and easily analyzes a wide range of security vulnerabilities that may occur in source code based on secure coding guidelines, and guides you to the optimal places to apply fixes.

#SecurityVulnerabilities #SAST #SourceCodeSecurity #SecurityTesting #OpenSourceSecurity #SecurityWeakness #OpenSourceVulnerabilities #ApplicationSecurity #checkmarx

Checkmarx is one of the world’s most powerful SAST solutions, analyzing a wide range of security vulnerabilities in source code quickly and easily based on secure coding guidelines such as OWASP Top 10, SANS Top 25, CWE, and DISA STIG, and guiding the best locations to remediate them. Recognized as the No.1 user-rated product for five consecutive years (2018–2022) in the Application Security Testing category by Gartner, Checkmarx is also adopted by more than half of the Fortune Global 50 companies as their vulnerability scanning tool.

Key Features

Uncompiled source code scanning

Enable rapid vulnerability remediation during development to shorten delivery timelines

Vulnerability management

Improve remediation efficiency by providing prioritization and guidance for fixing detected vulnerabilities

Attack vector specification

Provide expected attack path information to help quickly understand root causes and establish 대응 measures

Remediation advice

Provide clear remediation guidance so that even non-experts can learn and apply how to fix vulnerabilities

Key Capabilities

Support for all major development languages

Support more than 20 programming and scripting languages
Continuously updated to keep up with modern development environments
No language-specific configuration required—one-click analysis

Optimized vulnerability remediation guidance

Provide the best fix location through the Best Fix Location algorithm
Offer actionable remediation guidance so even non-security specialists can apply fixes easily
Reduce time spent improving security weaknesses

Open source vulnerability analysis

Provide security vulnerability insights and remediation guidance for open source
Check for open source license violations

Comprehensive security weakness coverage

· Web applications: OWASP Top 10, Korea secure coding guidance (MOIS)
· U.S. Government: DISA-STIG, FISMA
· Healthcare: HIPAA
· Finance: PCI DSS
· Automotive: MISRA
· Software security weaknesses: CWE
· Other standards: SANS 25, BSIMM

Automated security policies

Seamless integration with most IDEs, build servers, bug tracking tools, and source repositories
A core element of the Software Development Life Cycle
Improve the security testing quality of delivered products

Integration and automation across diverse development environments

List of major vulnerabilities covered

Industries

Automotive Software & IT Services Semiconductor Aerospace & Defense Government & Public Sector Financial Services

Use Cases

Automotive

Reduce vehicle cybersecurity risk and meet global OEM security requirements

Perform static and dynamic security analysis on vehicle ECU and connected service software to identify vulnerabilities early in development and support security verification aligned with ISO/SAE 21434 requirements.

Aerospace & Defense

Strengthen security for mission-critical systems and improve cyber threat readiness

Proactively remove code vulnerabilities and malicious code risks through static and dynamic security analysis for weapon systems and aviation software, and support reliability readiness aligned with DO-178C and MIL-STD standards.

Financial Services

Strengthen PCI DSS compliance and minimize payment security risk and data leakage exposure

Perform static and dynamic security analysis on payment systems and financial applications to identify vulnerabilities in source code early and systematically support application security controls required by PCI DSS. By eliminating vulnerabilities from the development stage, you can protect payment data and operate secure financial services.