Checkmarx SCA (software composition analysis) is a tool designed to provide a comprehensive scan of all open source components used within a Salesforce deployment. It is highly rated as a public sector and education solution.
Checkmarx CxSAST is a highly accurate and flexible static code analysis tool that lets organizations automatically scan uncompiled, unbuilt source code and identify hundreds of types of security vulnerabilities in the most prevalent programming languages.
Checkmarx is an accurate static analysis solution that helps identify many types of security vulnerabilities in your code. Developers can use it early in the SDLC, as it identifies bugs and errors and gives practical guidance on how to address them.
From the Checkmarx Site:
Checkmarx for Salesforce is the leading application security provider, offering the industry’s most comprehensive cloud-native platform, Checkmarx One™, and services.
With Checkmarx One™ you can reduce risk across all components of modern software — proprietary code, open source code, APIs, and infrastructure as code.
Checkmarx takes pride in innovating comprehensive application security solutions to protect American public-sector organizations. Federal, state and local U.S. government agencies and educational institutions fortify their security, streamline DevSecOps methodologies, meet deadlines and compliance requirements, and accelerate ATO with Checkmarx’s developer-centric, unified Application Security Platform™.
Civilian, DoD, and intelligence agencies can uphold compliance requirements while strengthening their software security posture throughout the SDLC to mitigate cyber supply chain risks. Federal customers can use Checkmarx's unified platform to scan early and often in both legacy and next-gen cloud native application development tools.
Checkmarx's industry-leading application security platform enables agencies to consolidate and optimize DevSecOps. Quickly deliver secure digital services to constituents, manage cybersecurity risks, and develop scalable cloud strategies for modern application development, all while working within budget constraints.