Constantly monitoring open source projects for anomalies associated with attack techniques
Analysis includes project metadata, maintainer reputation, and package behaviors in a detonation chamber
Included with Checkmarx SCA to provide developers zero-friction security
At Checkmarx, we focus on creating proactive supply chain security tools so you can rest assured that malicious code doesn’t make it into your applications. Included in Checkmarx SCA, our Supply Chain Security is an important part of the wider Checkmarx mantra: Trusted by CISOs, loved by Developers.
Checkmarx is committed to not just helping organizations create secure applications without slowing developers down, but also to contributing back to open source communities. The following are a few of our open source projects to help secure software supply chains:
ChainJacking is a tool to find which of your Golang direct GitHub dependencies is susceptible to ChainJacking attacks.
Designed for the open source community, ChainAlert continuously scans popular packages and alerts when there’s reason to suspect those packages’ accounts were hacked.
DustiLock is a tool to find which of your dependencies is susceptible to Dependency Confusion attacks.
Get started today to quickly improve your application security coverage and governance.
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.