Prioritize Vulnerabilities Faster with Checkmarx and Sysdig

By Eric Carter - AUGUST 8, 2023

Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities: there are too many alerts and not enough time to address them all. Sysdig and Checkmarx announced a partnership today focused on solving this problem. By bringing runtime insights from Sysdig’s Cloud-Native Application Protection Platform (CNAPP) into the Checkmarx One AppSec platform, application security teams get a new tool to reduce vulnerability noise by up to 95% and help developers get quickly to the issues they need to address first.

Shift-left security has a problem: Noise

Shifting security left is key to reducing risk at the earliest stages of development. Finding vulnerabilities early is not the hard part; scanners produce more findings than any team can act on. The real challenge is determining which of those findings are noise and which pose real risk. Developers need help sorting through the mountain of issues to decide what to fix first.

Runtime insights reduce vulnerability noise by up to 95%

Sysdig’s position at runtime lets it profile running containers and identify which vulnerable packages are actually loaded and executed by the workload. Feeding this information back to vulnerability management tools lets those tools filter out vulnerable packages that the application never uses. Developers and security teams can then focus on what really matters, keeping development and delivery moving at a rapid pace.

Through a set of APIs, Sysdig makes the in-use package information available for use with external tools. This is the work we’re doing together with Checkmarx.

Using Sysdig runtime insights with Checkmarx One

Checkmarx Software Composition Analysis (SCA), part of the Checkmarx One platform, helps teams find vulnerable open source packages in their code and get remediation guidance to help quickly reduce open source risk. Runtime insights from Sysdig will add a new dimension for prioritizing and filtering vulnerabilities so developers can focus first on in-use packages.

Reduce vulnerability fatigue

Checkmarx SCA with Sysdig Secure provides an effective developer feedback loop with accurate, relevant, and actionable insight integrated into the software lifecycle. By focusing on vulnerabilities with runtime exposure, Checkmarx and Sysdig will help users gain a clear view of vulnerable components actually invoked – and which are not. This significantly reduces developer workload in terms of what needs to be remediated to address actual risk.
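The filtering step described above (runtime in-use packages used to partition SCA findings) can be shown in a few dozen lines. The block below is an added illustration, not Sysdig’s or Checkmarx’s code: the shape of the SCA findings list and of the runtime in-use list is assumed, since the actual Sysdig API payload and Checkmarx SCA export format are not described on this page, and the sample findings are constructed for the example. It also handles one caveat a practitioner will hit: when the runtime profile shows a package at a different version than the one that was scanned, the finding is reported as version drift rather than silently suppressed.

```python
"""Partition SCA findings by runtime package usage (added example, not vendor code).

Assumed input shapes:
  findings:        iterable of Finding(package, version, cve, cvss) from an SCA scan
  in_use_packages: iterable of (package, version) tuples observed loaded at runtime
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    cve: str
    cvss: float


@dataclass
class Prioritized:
    in_use: List[Finding] = field(default_factory=list)         # fix these first
    version_drift: List[Finding] = field(default_factory=list)  # package in use, version differs
    not_in_use: List[Finding] = field(default_factory=list)     # candidate noise
    noise_reduction: float = 0.0                                # share of findings filtered out


def normalize(name: str) -> str:
    # Package names differ in case and separators across SCA tools and runtime
    # profilers ("OpenSSL" vs "openssl", "foo_bar" vs "foo-bar"); normalize before matching.
    return name.strip().lower().replace("_", "-")


def prioritize(findings: Iterable[Finding],
               in_use_packages: Iterable[Tuple[str, str]]) -> Prioritized:
    findings = list(findings)
    in_use = {(normalize(n), v) for n, v in in_use_packages}
    in_use_names = {n for n, _ in in_use}

    result = Prioritized()
    for f in findings:
        key = (normalize(f.package), f.version)
        if key in in_use:
            result.in_use.append(f)
        elif key[0] in in_use_names:
            # The runtime profile likely comes from a different image build than the
            # scan. Surface it rather than discard it: the vulnerable version may
            # still be what is deployed elsewhere.
            result.version_drift.append(f)
        else:
            result.not_in_use.append(f)

    # Highest CVSS first so developers see the most severe in-use issue at the top.
    result.in_use.sort(key=lambda f: f.cvss, reverse=True)
    if findings:
        result.noise_reduction = len(result.not_in_use) / len(findings)
    return result


# Constructed sample data for the example (not real scan output).
SAMPLE_FINDINGS = [
    Finding("log4j-core", "2.14.1", "CVE-2021-44228", 10.0),
    Finding("openssl", "1.1.1k", "CVE-2021-3711", 9.8),
    Finding("lodash", "4.17.15", "CVE-2020-8203", 7.4),
    Finding("curl", "7.68.0", "CVE-2020-8177", 7.8),
    Finding("Pillow", "8.2.0", "CVE-2021-34552", 9.8),
    Finding("libxml2", "2.9.10", "CVE-2020-24977", 6.5),
]
SAMPLE_IN_USE = [
    ("log4j-core", "2.14.1"),
    ("OpenSSL", "1.1.1k"),
    ("pillow", "8.3.2"),   # newer than the scanned version: drift, not noise
    ("zlib", "1.2.11"),    # in use but has no finding
]

if __name__ == "__main__":
    r = prioritize(SAMPLE_FINDINGS, SAMPLE_IN_USE)
    print("Fix first:", [f.cve for f in r.in_use])
    print("Version drift, verify:", [f.cve for f in r.version_drift])
    print("Not in use:", [f.cve for f in r.not_in_use])
    print(f"Noise reduction: {r.noise_reduction:.0%}")
```

On the constructed sample, three of six findings are filtered out (a 50% reduction), the two in-use findings come back ordered by CVSS, and the Pillow finding is flagged as drift because the profile saw 8.3.2 while the scan saw 8.2.0. In a real integration the in-use list would come from the runtime platform’s API and the findings from the SCA export, but the matching and the drift check are the part worth getting right.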

Focused remediation = faster delivery

Detecting and addressing vulnerabilities earlier and more efficiently has a direct impact on developer productivity. Teams that can spend more time on application development and deployment, and less on remediating vulnerabilities that pose no real risk, are better equipped to keep pace with rapid software delivery. That means a much faster time-to-market (TTM).

Shift left and shield right for a complete cloud-native security solution

We’re excited about the new Checkmarx and Sysdig partnership. Together we bring the cloud and cloud-native security solutions organizations need to effectively identify and respond to the vulnerabilities and threats from source to run.

Want to learn more about how it works? Read our follow-up blog: How to Prioritize Vulnerabilities with Checkmarx and Sysdig Runtime Insights.
