Checkmarx
Checkmarx One Platform Application Security Efficacy Report
Pages
5
Time to read
12 mins
Publication
Language
English
This document is a technical report that presents a comparison of the application security efficacy between Checkmarx and a competitor, focusing on Static Application Security Testing (SAST) and Software Composition Analysis (SCA). The objective of the report is to analyze the performance of both solutions in identifying vulnerabilities across various applications. The testing involved scanning three applications using SAST and two applications using SCA. Results indicated that Checkmarx outperformed the competitor by identifying a higher number of true positives while maintaining lower false positive and false negative rates. Specifically, Checkmarx identified 1,261 potential vulnerabilities in the SAST tests, with a true positive rate of 63.7%, compared to the competitor's 611 vulnerabilities and a true positive rate of 38.8%. Additionally, in the SCA tests, Checkmarx identified 57 vulnerabilities with a 100% true positive accuracy, while the competitor identified 39 vulnerabilities with 89.7% accuracy. The findings suggest that Checkmarx provides a more effective solution for application security.