Checkmarx CxSAST

Basic Information
Version release date: 2019-03-17
Software cost: Paid
Software license: Proprietary
Hosting: Self-Hosted
Process Integration
Deployment model: CI Server, Standalone Server
Analysis inputs: Source code
Display results in IDE: Eclipse, IntelliJ IDEA, Visual Studio
CI Integration: Ant, Bamboo, Jenkins, Maven
Can schedule scans
API method to report results in XML/JSON/CSV format
Coverage
Supported programming languages: ASP, C, C#, C++, Go, Groovy, HTML, Java, JavaScript, JSP, Kotlin, Objective-C, Perl, PHP, PL-SQL, Python, Ruby, Scala, Swift, TypeScript, VB.NET, VBScript, Visual Basic
Supported development frameworks: Apex, Node.js, Visualforce
Claimed Weakness Coverage
Claimed Weakness Coverage information hasn't been collected yet for this analyzer.
Weakness Coverage

Claimed CWE coverage notes
CGI Reflected XSS, CGI Stored XSS, Code Injection, Command Injection, Connection String Injection, LDAP Injection, Process Control, Reflected XSS, Reflected XSS All Clients, Resource Injection, SOQL SOSL Injection, SQL injection, Second Order SQL Injection, Stored XSS, UTF7 XSS, XPath Injection, Access Control, Buffer Overflow, CGI Reflected XSS All Clients, CGI Stored XSS, CGI XSS, Cookies Scoping, Cross Site History Manipulation, DB Parameter Tampering, Dangerous Functions, Data Filter Injection, DoS by Sleep, Double Free, Environment Injection, Environment Manipulation, Files Manipulation, Frame Spoofing, Arithmetic Operation On Boolean, Blind SQL Injections, Client Side Only Validation, Cookie not Sent Over SSL, Dangerous File Upload, Dead Code, Deprecated And Obsolete, Deprecated CRT Functions VS2005, DoS by Unreleased Resources, Equals without GetHashCode, Escape False Warning, Files Canonicalization Problems, Hardcoded Absolute Path, Hardcoded Password, Password in Connection String, Impersonation Issue
Checker Customization
Checker Customization information hasn't been collected yet for this analyzer.
Results Quality
Results Quality information hasn't been collected yet for this analyzer.
Reporting
Reporting information hasn't been collected yet for this analyzer.
Support
Support information hasn't been collected yet for this analyzer.