世界
运行于代码之上。
知识兔守护代码安全。
CHECKMARX 为现代应用程序开发分享最全面的应用安全管理平台
产品
源代码扫描 – Checkmarx SAST
开源扫描 – Checkmarx SCA
安全编码培训 – Checkmarx CodeBashing
交互式代码扫描 – Checkmarx IAST]
软件安全管理平台
开源:基础设施即代码项目 – Checkmarx KICS
了解为什么知识兔的客户喜欢知识兔
1,800 多家客户的信赖之选,并且客户数量正持续增长。
通过将安全无缝融入工作流程,Checkmarx 客户可节省关键的开发时间 (sysin)。已有超过 40 家财富 100 强企业和半数财富 50 强企业使用 Checkmarx,知识兔拥有众多知名客户。
CHECKMARX ONE 的能力:一个建立在大量创新基础之上的平台
凭借一己之力或作为 Checkmarx 应用安全管理平台的一部分,知识兔的解决方案可满足您软件开发生命周期每个阶段的需求
静态应用安全测试(SAST)
SAST 可在软件开发过程中通过扫描应用程序源代码来识别漏洞 (sysin),而且可以帮助您确定安全问题的优先级并快速加以修复。
注:Checkmarx Fusion、API 安全和 DAST 目前仅分享有限功能(LA)。
如果您的组织开发自研软件,知识兔理解您面临的安全挑战
开发人员
将安全测试无缝融入您的流水线并自动执行,同时不会减缓您的速度
APPSEC
分享您需要的解决方案、支持和指导,帮助将 AppSec 融入您团队的 DNA。
领导力
如期发布,不折不扣。充分提高生产力、安全性和 ROI
与应用安全测试领导者同行
在复杂性中求速度
交付更安全的代码
知识兔的平台由开发人员为开发人员构建,为您分享快速准确的扫描,而且可与您日常使用的工具轻松集成,并分享修复指导, 帮助您按期交付。
无缝安全扫描
面向现代应用程序的 APPSEC
Checkmarx One AST 平台以及独立的解决方案分享您需要的自动化、结果和准确性,确保您代码的安全性,同时加快部署速度。
灵活的部署选项
基于专家诀窍打造
得益于知识兔行业领先的研究、软件开发专业知识和深度安全专长,无论是部署在本地还是云端,知识兔的 AppSec 测试解决方案都可帮助您实现快速数字化转型。
源代码扫描 – Checkmarx SAST
从源头确保您代码的安全
借助 CxSAST,您随时可以根据需要,运行快速、准确的增量或完整扫描。依靠知识兔行业领先的 SAST 解决方案,为您分享所需的灵活性、准确性和扫描范围,通过规则集全面保证您最关键代码的安全。
将安全自动化植入您的开发流程。无缝处理最复杂的编程环境
解决复杂性
- 触手可及的灵活性
轻松扩展安全测试,随时随地灵活运行扫描,支持超过 25 种语言和框架,使安全成为您开发生命周期的组成部分——所有这些都可以在您正在使用的工具中实现。
以 DEVOPS 的速度保证准确性
- 您真正可以信赖的结果
获得您需要的准确性,快速解决问题,减少误报或虚假警报。知识兔的技术和专家将帮助您在 CI/CD 流程发现最关键的漏洞。
合理降低风险
- 始终离不开修复
可定制查询规则,可执行的建议,简单的网页界面,使得跟踪您的应用程序风险简单易行。通过知识兔的 “最佳修复点” 功能,您可以确定错误的确切位置,以及如何快速修复。
知识兔可以满足您的任何需求
知识兔的产品附带专家服务,以确保您在最短的时间内实现安全投资的最大价值 (sysin)。进一步了解知识兔的全球服务。
自推出 CxSAST 以来,知识兔一直通过技术、创新和首屈一指的客户价值引领行业
适合您的开发生命周期
与您的代码库轻松集成并实现自动化,同时不会减缓您的速度。观看集成 Gitlab 演示
系统要求
Server Host Requirements (v9.5.0)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
For Proof of Concept (POC), Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend using a commercial version of Microsoft SQL Server. Choose a version that supports your scalability and performance needs. Formore details about features supported by the different editions of SQLServer, please use the following link.
In addition to the requirements in the table below, in general, CPU clockspeed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
| Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software |
|---|---|---|---|---|---|---|---|---|
| Centralized **(POC) | **200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | See:Supported Components and Operating Systems | IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or aboveRun msiexec to check.NET Framework 4.7.1An environment (either Centralized or Distributed) where CxManager and CxEngine are on the same server requires .NET Core 6.x Runtime & Hosting installed on the server.For a Distributed environment where the CxManager is on one server and the CxEngines are on dedicated servers: – the CxEngines servers require .NET Core 6.x(this information mainly concerns Windows CxEngines and bare-metal Linux CxEngines, because Linux CxEngines using Docker are already set up)Java 1.17 (Oracle or AdoptOpenJdk).C++ Redist 2010 and 2015 SP3MS SQL Driver For specific details on required prerequisites per product component, seeRequired Prerequisites for Installing CxSAST in a Distributed Environment.Active MQ : 5.17.1 |
| 500K | 16 GB | |||||||
| Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan.Additional 2 cores for each additional concurrent scan,up to a maximum of12cores,(Recommended: 4, 6, or 8 cores )Max recommended concurrent scans:3** Scans of 1M LOC or more arerecommended to limit concurrency orrun on their own distributed server. | 2.8 GHz | 250 GB(recommended) | IIS 7/7.5/8/8.5/10 | ||
| 600K | 16 GB | |||||||
| 1.2M | 24 GB | 2.8 GHz | ||||||
| 2M | 40 GB | |||||||
| 3M | 56 GB | |||||||
| 4M | 72 GB | |||||||
| Distributed **- CxEngine (Production)**For multiple CxEngine servers(for concurrent scans),each server should meetthe requirements. | 200K | 6 GB | 4 (for 1 concurrent scan)Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores)Recommendedsocket configuration:Single socket | Recommended: 2.8 GHz | 100 GB(recommended) | NA | ||
| 600K | 12 GB | |||||||
| 1.2M | 20 GB | Recommended: 2.8 GHz | ||||||
| 2M | 32 GB | |||||||
| 3M | 48 GB | |||||||
| 4.5M | 72 GB | |||||||
| Distributed - CxManager with Management & Orchestration Layer (Production) | 14 GB | 8 | 2.5 GHz | 250 GB(recommended) | IIS 7/7.5/8/8.5/10 | |||
| Distributed - CxManager without Management & Orchestration Layer (Production)orWeb Portal (apart of CxManager) | 10 GB | 4 | 2.5 GHz | 250 GB(recommended) | IIS 7/7.5/8/8.5/10 | |||
| Distributed - ActiveMQ (Production) | 8 GB | 4 | 2.5 GHz | 250 GB(recommended) | Apache Tomcat 8.5.81 | |||
| Distributed - Database (Production) | 12 GB | 6-8 | 2.5 GHz | 350-400 GB(recommended) | NA | MS SQL Server(Express not recommended)2012/2014/2016/2017/2019MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for Javascript are higher.
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Engine Socket configuration
To learn more about socket configuration, use our Engine Socket Configuration guide
DB Latency
| Acceptable Latency | Components | |
|---|---|---|
| Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
| Network | <30ms | CxEngines |
| Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
Supported Components and Operating Systems (9.5.0)
The following operations systems have been tested with CxSAST and CxOSA for v9.5.0:
| Operating Systems | CxSAST Engine | CxSAST | CxOSA | Access Control | Management & Orchestration |
|---|---|---|---|---|---|
| Windows (64-bit) 10 | ✔️ | ✔️ | |||
| Windows (64-bit) 11 | ✔️ | ✔️ | |||
| Windows Server 2008R2 | ✔️ | ✔️ | |||
| Windows Server 2012 | ✔️ | ✔️ | |||
| Windows Server 2012R2 | ✔️ | ✔️ | |||
| Windows Server 2016 | ✔️ | ✔️ | |||
| Windows Server 2019 | ✔️ | ✔️ | |||
| Windows Server 2022 | ✔️ | ✔️ | |||
| Linux CentOS 7 | ✔️ | ||||
| Linux CentOS 8 | ✔️ | ||||
| Linux Ubuntu 18.04 | ✔️ | ||||
| Linux Ubuntu 20.04 | ✔️ | ||||
| Linux RedHat 8.3 | ✔️ | ||||
| Linux Fedora 33 | ✔️ | ||||
| Linux Fedora 34 | ✔️ |
| Java Version | CxSAST | CxOSA | Access Control | Management & Orchestration | |
|---|---|---|---|---|---|
| Java 17 | ✔️ | ✔️ | ✔️ |
Note: If SAST 9.5 is uninstalled and SAST 9.4. is reinstalled, it is necessary to manually downgrade Java back to version 8, because 9.4 is not compatible with JAVA 17 (even though the 9.4 installation wizard indicates that it completed successfully).
| Frameworks | CxSAST | CxOSA | Access Control | Management & Orchestration | |
|---|---|---|---|---|---|
| Microsoft .NET Core 6.0.5 Runtime & Hosting | ✔️ |
| Frameworks | CxSAST | CxOSA | Access Control | Management & Orchestration | |
|---|---|---|---|---|---|
| Microsoft .NET Core 6.0.5 Runtime & Hosting | ✔️ |
| WebServer | CxSAST | CxOSA | Access Control | Management & Orchestration | |
|---|---|---|---|---|---|
| IIS 7.5-10 | ✔️ |
Supported Browsers
The following browsers have been tested with CxSAST / CxOSA v9.0.0 and Codebashing v3.2.0
| Browsers | CxSAST | CxOSA | Access Control | Management & Orchestration | Codebashing |
|---|---|---|---|---|---|
| Chrome | Latest | Latest | |||
| Edge | Latest | Latest | |||
| Safari | Latest | Latest | |||
| Firefox | Latest | Latest |
‘Latest’ is defined by the browser vendors. Check with the respective browser vendor for the latest version available.
If you are using Chrome version 80 - please refer to the following page.
Accessing the Web Portal from the SAST Server in Chrome
In a default all-in-one setup, the web portal could be directly accessed from the SAST server via http://localhost:80/CxWebClient by clicking a shortcut icon.
If a user clicks this shortcut icon in an attempt to access the web portal, the authentication request is issued to Access Control, usually by using a fully qualified domain name (FQDN), for example:
Localhost and FQDN are treated as different domains, although the web portal and Access Control reside on the same host. Since Chrome (version 80 and higher) has changed its way on how it relates to cookies, using HTTP does not allow switching between product components anymore and prevents the authentication process from completing successfully, which affects SAST applications, as outlined below.
下载体验
百度网盘链接:https://pan.baidu.com/s/1qayqn9xJ1-gL1Yf93s6FFw?pwd= <专享>
更多相关产品:
- Magic Quadrant for Application Security Testing 2022
- Magic Quadrant for Application Security Testing 2023
下载仅供下载体验和测试学习,不得商用和正当使用。
下载体验
