Checkmarx Named a Strong Performer in Software Composition Analysis by Leading Analyst Firm

3 min.

August 18, 2021

NEW YORK & RAMAT GAN, ISRAEL – August 18, 2021 – Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today announced that it has been positioned as a Strong Performer in The Forrester Wave™: Software Composition Analysis, Q3 2021. Based on Forrester’s analysis of the 10 most significant SCA solution providers, Checkmarx received the highest possible scores in the criteria of market approach, open source vulnerability detection, actionable remediation, and infrastructure-as-code scanning. Notably, this comes on the heels of the company being named a Leader in The Forrester Wave™: Static Application Security Testing, Q1 2021.

According to Forrester, “open source use has exploded, with the average percentage of open source in audited code bases increasing from 36% in 2015 to 75% in 2020. Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don’t conform to company policies. In addition, recent incidents like the SolarWinds breach demonstrate the risks of malicious libraries in software and the need for greater transparency in the software supply chain.”1

Since launching CxSCA in June 2020, Checkmarx has elevated the standard for open source security. Leveraging source-level insight from its industry-leading SAST solution, CxSCA empowers security teams to easily identify vulnerabilities within open source software that present the greatest risk and enables developers to focus and prioritize remediation efforts accordingly. Additionally, with its recent acquisition of Dustico, Checkmarx is giving development teams deeper visibility into open source and supply chain risk by combining its AST capabilities with Dustico’s behavioral analysis technology to evaluate the trustworthiness, health, and potentially malicious behavior of open source packages.

“Today’s organizations are laser-focused on protecting themselves from a shifting threat landscape as they build innovative software and deliver unique digital experiences. We’re committed to investing in new capabilities to support these efforts and enable businesses to address emerging risks,” said Emmanuel Benzaquen, CEO, Checkmarx. “It’s clear that our ability to meet customers at any stage of their DevSecOps journeys with best-of-breed AST solutions is resonating. With the addition of Dustico’s leading open source analysis technologies, Checkmarx is better positioned to execute on this mission and empower organizations to build secure applications.”

In addition to CxSCA, Checkmarx offers static and interactive code analysis (CxSAST and CxIAST), developer AppSec training (CxCodebashing), and infrastructure-as-code scanning (KICS). Together, these comprise the industry’s most comprehensive AST platform for development teams to gain visibility into, and secure, all components of software including proprietary code, open source, and IaC from a single solution.


  • Learn more about CxSCA here.
  • Download our eBook, the Ultimate Guide to SCA, here.

1 – The Forrester Wave™: Software Composition Analysis, Q3 2021, Forrester Research, Inc., August 18, 2021

About Checkmarx

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec testing leader, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software – including proprietary code, open source, APIs, and infrastructure as code. Over 1,600 customers, including half of the Fortune 50, trust our security technology, expert research, and global services to securely optimize development at speed and scale. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Media Contacts
Cameron Martin
Public Relations Manager, Checkmarx

Jessica Bettencourt
InkHouse for Checkmarx

Read More

Want to learn more? Here are some additional pieces for you to read.