Code Dx, Inc., a provider of a robust suite of fast and affordable tools that help software developers and security analysts find, prioritize and visualize software vulnerabilities, today announced the newest version of its software security toolset, Code Dx Version 1.7. This new version includes three new bundled tools, two for detecting the use of known vulnerable components: Dependency-Check for Java and .NET dependencies and Retire.js for JavaScript libraries used on the web and in Node.js applications, as well as support for Python code base scanning with the bundling of Pylint. This new version of Code Dx also includes the ability to ingest the results of the Checkmarx source code analysis tool.

“Securing the software supply chain is an increasingly critical issue for the software industry,” said Anita D’Amico, Ph.D., CEO of Code Dx. “We continue to enhance the functionality of Code Dx to enable software developers and software purchasers using different coding languages to easily and affordably test their software for potential vulnerabilities to attack. This newest version of Code Dx now offers these users the ability to check the vulnerability status of third-party software components embedded in the software, in addition to finding vulnerabilities in custom code.”

Code Dx Version 1.7 offers numerous enhancements from the previous version. The three key additions include:

  • Checking for use of components with known vulnerabilities – Dependency-Check, an Open Web Application Security Project (OWASP) Foundation tool, identifies project dependencies and checks them for any known, publicly disclosed vulnerabilities. In this release, Code Dx is bundling Dependency-Check for Java and .NET dependencies and Retire.js for JavaScript libraries used on the web and in Node.js applications. Code Dx will now automatically run these tools on user-provided inputs to determine if any known vulnerabilities exist that may impact their software development project.
  • Pylint – This tool checks for potential vulnerabilities in the Python code base — extending the breadth of programming languages Code Dx supports.
  • Checkmarx – This powerful source code analysis tool is now supported by the Code Dx Enterprise Edition. It is an internationally used, automated scanning technology that offers robust functionality to enable developers and auditors to easily scan code and eliminate software risk.

“Layered security is a must when protecting the enterprise’s assets,” said Amit Ashbel, product marketing manager at Checkmarx. “We are glad to cooperate with Code Dx to enable organizations with application security awareness to combine Checkmarx’s powerful source code scanning capabilities with a variety of market solutions.”

Availability:
Code Dx is a low-cost and practical first step towards establishing a software assurance program within an organization or enhancing an existing software assurance program. Code Dx Standard Edition Version 1.7 and Code Dx Enterprise Edition Version 1.7 are available worldwide.