Code Dx

Code Dx® Enterprise is a software application vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple (open source and commercial) static analysis (SA) and dynamic analysis (DA) tools, as well as other analysis and testing technologies. Its visual analytics accelerate the finding, triaging, prioritizing, managing and fixing of software quality issues and security vulnerabilities to dramatically expedite remediation.

 

For more information or to arrange a demonstration send us a request or contact us at codedx@cms-3.co.jp.

 

If you would like to evaluate Code Dx please submit an evaluation request.

Enhanced Analysis and Testing Coverage

  • Achieving high quality and security  coverage requires the usage of multiple analysis solutions within and across multiple testing technologies
  • Consolidates the results from multiple analysis and testing tools
  • Results are normalized, correlated, de-duplicated and mapped to selected industry standards
  • Quickly find and focus on the critical issues and areas in your system

 

Key Features

Security and Quality Checks

  • Configures and runs a wide array of bundled open source static analysis tools with more than 1,500 configurable rules with support for C, C++, C#, Java, JavaScript, JSP, PHP, Python, Rails, Ruby, Scala, and vb.NET

Unified Results

  • One interface for working with and managing the consolidated set of issues from all your analysis and testing tools
  • Issues normalized, correlated and duplicates merged
  • Customizable correlation engine to fit your environment

Triage and Remediation

  • Powerful search and filter functionality to quickly prioritize critical issues
  • Customizable remediation guidance

Standardization

  • Map issues to industry standards such as CWE, HIPAA, DISA, OWASP Top 10, SANS Top 25, CERT-C, PCI-DSS

SDLC  Integration

  • Integrate with your development environment, processes and existing workflow
  • IDEs, CI environments, SCMs, issue tracking systems and custom tools or processes

Integration with Analysis and Testing Tools

  • Support for most commercial and open source tools
  • Quick and simple to integrate
  • Custom integrations for non-supported tools can be provided

Automation

  • Find and deal with issues early in the development process with automated continuous analysis
  • Integration with Jenkins
  • API supports custom process integration

Reporting

  • Publish and share results with PDF, XML, CSV reports or via AlienVault/NBE or Nessus
  • Push results to developer IDEs
  • Integration with issue tracking systems (e.g. JIRA)

Powerful and Easy to use

  • Locally installed server based platform on Windows, OSX, or Linux
  • Many open source SA tools bundled in. Configuration and running is automated
  • Support for any team size