Popular static code analyzers (SAST tools) like Fortify & Checkmarx are used to provide security visibility and external compliance for many organizations. But what happens after getting the report?
Often fixing vulnerabilities falls by the wayside. To many developers, reports from Fortify & Checkmarx are seen as creating additional work by revealing vulnerabilities (both real ones and false positives), while offering no solution to advance their remediation.
Lucent Sky AVM works like a static code analyzer to pinpoint vulnerabilities, and then offers Instant Fixes - code-based remediation that can be immediately placed in source code to fix common vulnerabilities like cross-site scripting (XSS), SQL injection and path manipulation.
For .NET (C# and VB.NET) and Java applications, Lucent Sky AVM can fix up to 90% of the vulnerabilities it finds.
If your organization's compliance requires the mitigation of all results found by Fortify & Checkmarx (or results that fit certain criteria, such as critical and high), Lucent Sky AVM can be customized to find the same results while providing additional functional value - fixing up to 90% of the found vulnerabilities.
Many static code analyzers are designed for, and meant to be used by, security professionals. This means they require expert users, and their assessments and outputs aren't developer friendly. Lucent Sky AVM offers clear reporting that caters to both security professionals and developers, providing both analysis results and Instant Fixes (code-based remediation to common vulnerabilities like cross-site scripting and SQL injection) that a non-expert can use to secure their code.
For organizations needing compliance reporting, Lucent Sky can help teams hit the mark set by Fortify & Checkmarx and cut out the noise of false positives, while drastically reducing the time and effort required to secure an application.
Download a report comparison between Lucent Sky AVM and SAST tools to see the difference.
Request a demo and see Lucent Sky AVM in action for yourself. To learn more about how Lucent Sky AVM can be used in combination with Fortify & Checkmarx in your environment, get in touch!