Implementation of Checkmarx One
Successfully integrated Checkmarx One with a web-based Supplier Diversity Portal built on Azure CI/CD pipelines for a U.S.-based energy utility company. Addressed and resolved a significant number of security vulnerabilities identified by Checkmarx One.
9 months
Multi-location delivery
Client Brief
The client wanted to upgrade their application, which still had a significant number of security vulnerabilities even after an initial application modernization.
Key Features
Early vulnerability detection in the SDLC, reducing the cost and time associated with post-deployment fixes.
Layered security across code, dependencies, APIs, containers, and infrastructure, providing a holistic approach to application security.
Seamless integration of security into development tools, allowing developers to resolve security issues as they code.
Scans for a wide range of security vulnerabilities, including OWASP Top 10, SANS Top 25, and industry-specific vulnerabilities.
Scans for vulnerabilities within open-source libraries and dependencies.
Examines license compliance and performs risk prioritization by ranking vulnerabilities based on their severity, exploitability and impact.
Analyzes Infrastructure as Code (IaC) files for security misconfigurations, such as overly open permissions, unsecured network configurations and exposed secrets.
Offers continuous monitoring and threat detection to protect applications against evolving threats.
Challenges
The key challenges faced by the team were identifying and resolving the issues flagged in the lines of code, modifying the necessary pipeline configuration files, testing the updated package versions for compatibility with the existing ones, identifying and updating dependencies to compatible versions, and resolving other breaking changes, including fixing the NPM audit issues.
Our Solution
We integrated Checkmarx One into the Azure CI/CD pipeline. The reports generated by Checkmarx One identified a large number of security vulnerabilities, categorized as Critical, High, Medium, and Low. We carefully analyzed these reports and mitigated the vulnerabilities by upgrading the vulnerable NPM packages to their latest secure versions while ensuring compatibility. The process also involved modifying specific lines of code and adjusting configuration files relevant to the application. As a result, the application's security vulnerabilities were reduced by approximately 80% to 85%. We brought the number of Critical vulnerabilities down to zero for the application, and there was a considerable decrease in the number of High, Medium, and Low vulnerabilities as well.
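As an added illustration (not code from this case study, from Checkmarx, or from the client project), the script below shows the dependency-triage step that the remediation above implies: it reads an `npm audit --json` report, folds npm's severity names into the Critical/High/Medium/Low buckets used here, separates packages whose fix is a non-breaking upgrade from those that need a major-version bump (the compatibility-testing work described under Challenges), and returns whether the pipeline stage should fail. The package names and the report itself are constructed sample data in the shape npm audit emits.

```javascript
// Map npm audit severities onto the four buckets used in the case study.
// npm reports "moderate" rather than "medium"; "info" is folded into Low.
const SEVERITY_MAP = { critical: "Critical", high: "High", moderate: "Medium", low: "Low", info: "Low" };

// Triage an npm audit (JSON v2 shape) report.
// failOn: buckets that should break the CI stage when non-empty.
function triageAudit(report, failOn = ["Critical", "High"]) {
  const counts = { Critical: 0, High: 0, Medium: 0, Low: 0 };
  const safeUpgrade = [];     // fix applies without a semver-major bump
  const breakingUpgrade = []; // fix needs a major-version bump: test for compatibility first
  const noFix = [];           // no published fix: needs a code change or a replacement package
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const bucket = SEVERITY_MAP[v.severity] || "Low";
    counts[bucket] += 1;
    if (v.fixAvailable === true) {
      safeUpgrade.push(name);
    } else if (v.fixAvailable && typeof v.fixAvailable === "object") {
      // npm returns an object when the top-level dependency must move to a specific
      // version; isSemVerMajor tells whether that move crosses a major version.
      (v.fixAvailable.isSemVerMajor ? breakingUpgrade : safeUpgrade).push(name);
    } else {
      noFix.push(name);
    }
  }
  const shouldFail = failOn.some((bucket) => counts[bucket] > 0);
  return { counts, safeUpgrade, breakingUpgrade, noFix, shouldFail };
}

// Constructed sample report (hypothetical package names, not real advisories).
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "critical", isDirect: true, range: "<2.0.0",
      fixAvailable: { name: "example-parser", version: "2.1.0", isSemVerMajor: true } },
    "example-utils": { name: "example-utils", severity: "moderate", isDirect: false, range: "<1.4.2",
      fixAvailable: true },
    "example-legacy": { name: "example-legacy", severity: "high", isDirect: true, range: "*",
      fixAvailable: false },
  },
};

function triageSample() {
  return triageAudit(SAMPLE_AUDIT);
}

console.log(JSON.stringify(triageSample(), null, 2));
```

In a real pipeline the report would come from `npm audit --json` and a `shouldFail` of `true` would be turned into a non-zero exit code for the stage.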