Checkmarx

Checkmarx is the global leader in the application security testing market.  Checkmarx’s comprehensive Software Security Platform fits easily into automated DevOps, Agile, and CI/CD environments and addresses all stages of the Software Development Life Cycle, enabling agencies to accelerate delivery of secure software.  Swish’s decision to partner with Checkmarx was based on the strength of its application security testing solutions and a strong commitment to the government market.

Checkmarx’s automated approach shifts more of your agency’s security efforts to the left, driving down costs and delivering applications faster.  It also makes it easier to document the security compliance required by every government agency.  An easy-to-follow test report shows where an application isn’t meeting a specific standard, including FISMA, NIST 800-53 and the Risk Management Framework (used by all federal agencies and their contractors), and the DISA STIGs, which establish the assessment criteria used by DoD organizations prior to receiving an Authority to Operate (ATO).

Key Benefits

  • Decrease the time to ATO and improve POA&M.
  • Accelerate time to remediation by allowing developers to fix multiple vulnerabilities at a single point in time.
  • Easily set up scan automation with code collaboration tools such as GitHub, GitLab, Bitbucket, and Azure DevOps.
  • Find vulnerabilities sooner by scanning uncompiled code versus requiring a complete build.

Checkmarx holds a Certification of Networthiness from the U.S. Army (ID 38392) and is on the DoD Joint Service Provider (JSP) Approved Product List.  The JSP oversees IT procurement for OSD, Office of the Deputy Chief Management Officer and Washington Headquarters.  Inclusion on the DoD’s Approved Products List makes it permissible to field solutions inside DoD networks and is a requirement for obtaining an Authority to Connect (ATC).

Together, Swish and Checkmarx provide a powerful alternative to separate software security testing tools, transforming the standard for secure application development.