Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
N/A
Microsoft Visual Studio Code
Score 9.2 out of 10
N/A
Microsoft offers Visual Studio Code, a text editor that supports code editing, debugging, IntelliSense syntax highlighting, and other features.
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
Microsoft Visual Studio Code is highly recommended for the development of systems and / or complex applications entrusted to work teams under a specific methodology, and its use is also recommended for the maintenance of previously developed applications.
It is not recommended as a learning environment for developers with little experience as the learning curve would be too high
Solid tool that provides everything you need to develop most types of applications. The only reason not a 10 is that if you are doing large distributed teams on Enterprise level, Professional does provide more tools to support that and would be worth the cost.
Their API based customizations which I leveraged to create an ASPM package, which is developer friendly and can extend above the dashboard features, other ones are UI which is great and feels clutter free. Menu and navigation is also good so as support. Only drawback is sometimes scan takes longer which I feel so can be reduced
Looking at our current implementation, Microsoft Visual Studio Code is perfect for writing code and performing debug operations. Integration with SVN repository is easy and changes can be tracked effectively. Microsoft Visual Studio Code supports developers to write code productively using syntax check and easy customization. Microsoft Visual Studio Code also provides support for IntelliSense which prompts suggestions for code completion. It is easy to step through code using interactive debugger to inspect the root cause of error quickly.
Active development means filing a bug on the GitHub repo typically gets you a response within 4 days. There are plugins for almost everything you need, whether it be linting, Vim emulation, even language servers (which I use to code in Scala). There is well-maintained official documentation. The only thing missing is forums. The closest thing is GitHub issues, which typically has the answers but is hard to sift through -- there are currently 78k issues.
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
[Microsoft] Visual Studio Code beats the competition due to its extensibility. Their robust extensions architecture combined with the plethora of mostly free extensions written by the community can't be beaten. The fact that this tool itself is provided by a world-recognized company, Microsoft, free of charge is phenomenal. The goodwill garnered by them is immeasurable. Other tools I've used were missing features or were just too rigid, too complicated, or too unsophisticated for my liking. The fact that VS Code is easy to mold to my will with the right extensions seals the deal.
Positive impact on minimizing time wasted by employees with software installation and setup
Positive impact on reducing spend on software licensing
Positive impact on minimizing time used to manage different applications for different purposes - this performs all of the functions we need in basic coding
