Code Dx, Inc., a provider of an award-winning suite of fast and affordable tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced that its Software Vulnerability Correlation and Management Solution will be integrated with the Software Assurance Marketplace’s (SWAMP) new SWAMP-in-a-Box (SiB) solution.
SiB is a free, self-contained version of the SWAMP’s continuous assurance technologies that will allow the software assurance community to deploy local (private) instances of the SWAMP. SiB can be installed on local servers or individual computers, addressing the need of organizations that must or prefer to keep their software assurance activities local. The Code Dx Software Vulnerability Correlation and Management Solution is an integral part of the SiB solution as it consolidates software vulnerabilities detected from multiple Application Security Testing (AST) tools. Code Dx automatically correlates all the weaknesses into a single consolidated set of results for quick and easy triage, prioritization and remediation.
“Code Dx has been part of the SWAMP’s cloud-based continuous assurance solution since it was launched in 2014. SWAMP-in-a-Box is an on-premise version that enables developers concerned with uploading their code to the cloud to leverage the SWAMP solution within their own IT infrastructure,” said Anita D’Amico, CEO for Code Dx. “Developers, security analysts and software testers can use the free SWAMP version of Code Dx in this new SiB offering, or connect their Enterprise version of Code Dx to SiB to use its advanced features.”
The SiB version is available for download at https://github.com/mirswamp/deployment and is distributed under an Apache open source license.
Code Dx currently supports the 15 open source tools included in this version of SiB and will support the commercial AST tools that will be part of future SiB releases.
The SWAMP is a joint effort of four research institutions – The Morgridge Institute for Research, Indiana University, The University of Illinois at Urbana-Champaign, and the University of Wisconsin-Madison – to advance the capabilities and to increase the adoption of software assurance technologies through an open continuous assurance facility. The SWAMP is funded by the Department of Homeland Security Science & Technology Directorate.
Code Dx is a low-cost and easy step towards establishing a software assurance program within an organization, or enhancing an existing software assurance program. Code Dx Standard Edition Version, which focuses on static code analysis, and Code Dx Enterprise Edition, which automates correlation and management of vulnerabilities from multiple static and dynamic tools, are available worldwide.