Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
N/A
GitHub Copilot
Score 8.9 out of 10
N/A
GitHub Copilot is presented as an AI pair programmer, that plugs into the user's editor. It then turns natural language prompts into code, offers multi-line function suggestions, speeds up test generation, filters out common vulnerable coding patterns, and blocks suggestions matching public code.
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
Copilit is fantastic at the following: 1. Solving simple, well-defined problems, such as implementing an algorithm, manipulating a data structure, or string manipulation and regex. 2. Implementing simple APIs that are mainly CRUD in nature, with moderate business logic inside them, which may involve some processing or passing the data through an algorithm. 3. Implementation of well-defined activities, such as implementing a connection to an Oracle DB using Hibernate or JDBC, or implementing boilerplate code for a backend service to listen to Kafka events. It is not that great when it comes to understanding and implementing code in a proprietary DSL. It struggles when implementing a major feature across a complex codebase. I believe developers should also adopt the trust-but-verify paradigm when expecting highly secure or regulated code from GitHub Copilot.
Their API based customizations which I leveraged to create an ASPM package, which is developer friendly and can extend above the dashboard features, other ones are UI which is great and feels clutter free. Menu and navigation is also good so as support. Only drawback is sometimes scan takes longer which I feel so can be reduced
I feel that GitHub Copilot's overall usability is good due to its tight integration with Visual Studio and the workspace. However, developers expect greater ease of use, as there is a learning curve to realize productivity gains with the tool fully. I think there is room for improvement in GitHub Copilot's UI integration within Visual Studio.
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
It is useful that copilot integrates so well with vscode, which is a very common IDE. I used Tabnine for a little while but it was not that intuitive, and did not seem as helpful as GitHub copilot was. I have enjoyed GitHub copilot a lot, especially the ease of hitting the tab key and seeing quick progress in my tasks.
