Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
Microsoft Visual Studio Code
Score 9.3 out of 10
Microsoft offers Visual Studio Code, an open source text editor that supports code editing, debugging, IntelliSense syntax highlighting, and other features.
If you are going with a SAST process or want to improve your overall security posture, then go for it, for example by integrating it with post-deployment steps. If you are more concerned about proactive controls, better choose other options such as pre-commit hooks and CI security. Also choose other tools for DAST and API scans.
As a general workhorse IDE, Microsoft Visual Studio Code is unmatched. Building on the early success of applications such as Atom, it has long been the standard for Electron-based IDEs. It can be outshone using IDEs that are dedicated to particular platforms, such as Microsoft Visual Studio Code for .NET and the JetBrains IDEs for Java, Python and others. For remote collaborative development, something like Zed is ahead of VSCode Live Share, which can be quite flaky.
The customization of key combinations should be more accessible and easier to change
The auxiliary panels could be minimized or as floating tabs which are displayed when you click on them
A monitoring panel of resources used by Microsoft Visual Studio Code or plugins and extensions would help a lot to be able to detect any malfunction of these
Solid tool that provides everything you need to develop most types of applications. The only reason it is not a 10 is that if you are doing large distributed teams on Enterprise level, Professional does provide more tools to support that and would be worth the cost.
Their API-based customizations, which I leveraged to create an ASPM package, are developer-friendly and can extend above the dashboard features. Another is the UI, which is great and feels clutter-free. Menu and navigation are also good, and so is support. The only drawback is that scans sometimes take longer, which I feel can be reduced.
Microsoft Visual Studio Code earns a 10 for its exceptional balance of power and simplicity. Its intuitive interface, robust extension ecosystem, and integrated terminal streamline development. With seamless Git integration and highly customizable settings, it adapts perfectly to any workflow, making complex coding tasks feel effortless for beginners and experts alike.
Overall, Microsoft Visual Studio Code is pretty reliable. Every so often, though, the app will experience an unexplained crash. Since it is a stand-alone app, connectivity or service issues don't occur in my experience. Restarting the app seems to always get around the problem, but I do make sure to save and backup current work.
Microsoft Visual Studio Code is pretty snappy in performance terms. It launches quickly, and tasks are performed quickly. I don't have a lot of integrations other than Copilot, but I suspect that if the integration partner is provisioned appropriately, any performance impact would be pretty minimal. It doesn't have a lot of bells and whistles (unless you start adding plugins left and right).
Active development means filing a bug on the GitHub repo typically gets you a response within 4 days. There are plugins for almost everything you need, whether it be linting, Vim emulation, even language servers (which I use to code in Scala). There is well-maintained official documentation. The only thing missing is forums. The closest thing is GitHub issues, which typically has the answers but is hard to sift through -- there are currently 78k issues.
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems.
Visual Studio Code stacks up nicely against Visual Studio because of the price and because it can be installed without admin rights. We don't exclusively use Visual Studio Code, but rather use Visual Studio and Visual Studio Code depending on the project and which version of source control the given project is wired up to.
It is easily deployed with our Jamf Pro instance. There is actually very little setup involved in getting the app deployed, and it is fairly well self-contained and does not deploy a large amount of associated files. However, it is not particularly conducive to large project, multi-developer/department projects that involve some form of central integration.