Checkmarx Software Composition Analysis Primary Use Case

GG
Sr. Director Global Solutions Development at an energy/utilities company with 10,001+ employees

We use Checkmarx Software Composition Analysis for scanning software for security vulnerabilities.

Sujata Ghadage - PeerSpot reviewer
Sr Manager consultant - Digital assurance Services at ADROSONIC

Checkmarx Software Composition Analysis is a good tool I have used in multiple projects, especially in banking and insurance domains. It is a good tool for static code review and SAST analysis. I want to understand the cost of the other tools in the market compared to Checkmarx Software Composition Analysis because our company needs to make recommendations to our customers. Considering the budget of our company's customers, we need to make recommendations to them.

My company uses the tool to support banking applications by indulging in static code analysis.

DS
VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees

We use SCA for security scanning and routing. The replica is really good. It's supposed to measure vulnerabilities.

We use SCA to scan our code for vulnerabilities on a regular basis. Every new release is assessed for vulnerabilities using Checkmarx's SCA tool.

Buyer's Guide
Checkmarx Software Composition Analysis
April 2024
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
Harsh Soni - PeerSpot reviewer
Cyber Security Engineer at Rah Infotech Pvt Ltd

Basically, I review the code of the developer and find the vulnerability in that, and then I get back to the developer to resolve and remediate the vulnerability on the dashboard. We also review the source code of the developer just as if some developer cracked the code for the kind of product development or production phase, or initial phase. We then review Checkmarx with the support of the developer and get it corrected right away at that time.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

I use it to check software library versions for potential vulnerabilities.

GG
Sr. Director Global Solutions Development at an energy/utilities company with 10,001+ employees

We use it for scanning .NET and Java applications. We are using its latest version.

SN
System Engineer at a manufacturing company with 5,001-10,000 employees

Checkmarx Software Composition Analysis is used for detecting vulnerabilities in the open source software component of a project.

Abner Silva - PeerSpot reviewer
Cloud Security Analyst at an agriculture company with 1-10 employees

We have the tool integrated into our CI/CD pipeline. 

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D

The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities.

Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.

SN
System Engineer at a manufacturing company with 5,001-10,000 employees

My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because it checks the integrity of the library and not just the hash, checksum, or version.

KN
Frontend Developer at a tech services company with 51-200 employees

We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D

We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.
