Let’s shoot straight: Security isn’t what developers want to be doing. It’s something they should be doing. Until there is a systemic paradigm shift in how development work is perceived, the most effective way (some would argue the only one) to drive developer buy-in is to make security work as easy and seamless for them as possible, while weaving security throughout the SDLC.
Add to this the growing trend of development teams gaining a central role in AppSec purchasing decisions, as shown in our recent ‘DevSecOps Evolution’ report, and the conclusion becomes clear: An AppSec platform must not only provide the most advanced risk management tools but make them work for both security teams and developers.

That’s why today, here at the RSA Security Conference 2025, we’re announcing a platform update with new features that continue to improve the developer experience with Checkmarx One:
- ASPM in the IDE: Bringing prioritized security insights directly to developers’ workspaces
- Artifact Registry Security: Protecting private component libraries from vulnerabilities
- Secrets Detection with Pre-Commit Blocking: Preventing sensitive credentials from reaching code repositories
- Head of Engineering Dashboard: Enabling data-driven security decisions for development leadership
Let’s explore how this update strengthens your security posture, minimizes friction in the development process and provides better security coverage and visibility across the entire software development lifecycle.
ASPM Delivered Straight Into the IDE
Application Security Posture Management (ASPM) is quickly becoming a staple in the AppSec arsenal, correlating and prioritizing results from different tools like SAST, SCA, IaC scanning, and more, across the software development lifecycle (SDLC).
However, until now ASPM was used by and designed for AppSec teams and focused on risk management.
But what about the developers?
By embedding Checkmarx’ award-winning ASPM into the development workflow, your team will reduce friction, ensuring developers can address security concerns effectively and immediately, and know that the time they invest in security tasks is high impact.
Extending SCA Security to Your Private Registry
Traditional software composition analysis (SCA) scans open-source libraries for known vulnerabilities and license risks. Checkmarx already took SCA one significant step further with malicious package protection that automatically detects open-source libraries containing malicious code, leveraging the industry’s largest proprietary database of 400,000+ malicious packages.
Building on our protection of open-source libraries in public repositories, we’re now expanding SCA coverage to include Artifact Registry Security. Starting with the first of many integrations, JFrog Artifactory, you can now:
- Scan OSS libraries stored in your private registry for vulnerabilities or malicious code.
- Customize risk levels and policies to prevent the upload of non-compliant libraries.
- Block the download of non-compliant libraries into dev environments or build processes.

Pre-Commit Blocking: Prevent Hardcoded Credentials from Reaching Code Repos
The problem of leaving hardcoded secrets in application code is more common than most organizations would care to admit: A recent Wired investigation revealed over 15,000 exposed secrets across thousands of organizations, including credentials from courts, universities, and major tech companies.
Even the most vigilant teams aren’t immune to this risk: hardcoded secrets find their way into code repositories, leaving their organizations vulnerable to threat actors.
The best way to combat credential leaks is by preventing secrets from ever reaching code repositories. That is why Checkmarx has added pre-commit blocking to its Secrets Detection capabilities.
By automatically detecting sensitive information like API keys, passwords, and access tokens before they reach code repositories, Secrets Detection prevents data breaches and compliance violations.
By implementing these protective measures, organizations create a crucial safety net that catches human errors and enforces security policies, significantly reducing the risk of exposed secrets.
More Data and Less Clutter, with New Head of Engineering Dashboard
Checkmarx One’s Analytics dashboard, launched in June 2024, provided better actionable insights to empower AppSec teams with a crystal-clear understanding of their security posture.
Today, we’re announcing another key tool for improved visibility, with an updated Head of Engineering Dashboard. This dashboard helps development teams put security data into their own context and better manage DevSecOps team metrics at scale.
This view allows engineering leadership to filter security data by development team, keep track of their performance, and identify teams and applications that need more support.

Combined with our code coverage indicator that gives detail on how much of your repositories are covered by scans, development teams can get an accurate picture of their live security coverage and translate the results into actionable steps.
Learn What Checkmarx One Can Do for You
We’re excited to introduce these new capabilities as part of our April 2025 Platform Update, as we continue to enhance our platform to make your jobs easier.
To learn more about Checkmarx One’s enterprise AppSec solution helping security teams and developers secure applications from code to cloud, book a live demo.