Checkmarx
Checkmarx One Platform Application Security Efficacy Report
Pages
6
Time to read
12 mins
Publication
Language
English
This technical report presents a comparative analysis of the Checkmarx One Platform's application security efficacy against a competitor, focusing on Static Application Security Testing (SAST) and Software Composition Analysis (SCA). The objective of the study, commissioned by Checkmarx and conducted by Tolly, was to evaluate the performance of both solutions in identifying vulnerabilities in application code. The report details the methodology used, including the scanning of two applications with SAST and four with SCA, and provides a breakdown of true positives, false positives, and false negatives for each solution. The findings indicate that Checkmarx outperformed the competitor in both SAST and SCA tests, with higher true positive rates and lower false positive and false negative rates. Additionally, the report discusses the implications of these results for businesses in terms of prioritizing remediation efforts based on identified vulnerabilities, particularly focusing on exploitable paths within the code. Overall, the report underscores the importance of effective application security measures in safeguarding business assets.