{"id":96844,"date":"2024-07-31T13:04:51","date_gmt":"2024-07-31T13:04:51","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=learn&#038;p=96844"},"modified":"2026-04-13T21:33:05","modified_gmt":"2026-04-13T19:33:05","slug":"how-to-choose-code-scanning-tools-as-part-of-application-security","status":"publish","type":"learn","link":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/","title":{"rendered":"How to Choose Code Scanning Tools as Part of Application Security"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Application security tools such as<\/span><span style=\"font-weight: 400;\"> static code analysis tools<\/span><span style=\"font-weight: 400;\"> and software composition analysis are crucial in today\u2019s software development lifecycle. Nowadays, applications have moved beyond source code alone, and the conversation around adopting<\/span><span style=\"font-weight: 400;\"> code scanning tools<\/span><span style=\"font-weight: 400;\"> has broadened to include protecting fully-fledged applications, including open-source packages, APIs, containers and cloud deployments, infrastructure, and runtime deployments.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">This article will focus on Static Application Security Testing (SAST) and Software Composition Analysis (SCA), looking at<\/span><span style=\"font-weight: 400;\"> how to choose a SAST tool <\/span><span style=\"font-weight: 400;\">and <\/span><span style=\"font-weight: 400;\">how to choose an SCA tool <\/span><span style=\"font-weight: 400;\">with a holistic view of application security in mind.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<span style=\"font-weight: 400;\">What are <\/span><span style=\"font-weight: 400;\">Static Code Analysis Tools<\/span><span style=\"font-weight: 400;\"> and Why Are <\/span><span style=\"font-weight: 400;\">Code 
Scanning Tools<\/span><span style=\"font-weight: 400;\"> Important?<\/span>\n<\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Static code analysis<\/span><span style=\"font-weight: 400;\"> tools aim to prevent vulnerabilities by scanning source code at the earliest stages of the software development lifecycle, before applications have been launched.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Developers are under a high level of pressure to move fast and get applications and new features built and deployed quickly, and <\/span><span style=\"font-weight: 400;\">static code analysis tools<\/span><span style=\"font-weight: 400;\"> help them by highlighting potential vulnerabilities and shifting security left into development. By identifying deviations from coding standards, defects or vulnerabilities early, they can be fixed much faster and with less rework, creating a more secure and collaborative DevSecOps environment that reduces friction.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\"><span style=\"font-weight: 400;\">What is SAST?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">SAST stands for <\/span><a href=\"https:\/\/checkmarx.com\/learn\/sast\/static-application-security-testing-sast\/\"><span style=\"font-weight: 400;\">Static Application Security Testing<\/span><\/a><span style=\"font-weight: 400;\">, and it\u2019s an example of the source code scanning tools that support early detection of security vulnerabilities through static code analysis. 
By using SAST, developers can improve the quality of their code by identifying common coding errors and vulnerabilities, comply with targeted industry standards and compliance regulations, and save the financial and reputational headache of a security breach further down the line.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Remediating code vulnerabilities after launch is estimated to cost 640x more than fixing the issue at the source. Simply put? The earlier you can fix a security issue, the better.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\"><span style=\"font-weight: 400;\">What is SCA?&nbsp;<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Of course, building applications is about a lot more than just source code. Developers regularly incorporate open-source libraries into their code, which helps them to move faster and avoid reinventing the wheel time and again. However, open-source libraries and functions can contain security vulnerabilities or even malicious code, and be an attack vector for threat actors.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">This is where <\/span><a href=\"https:\/\/checkmarx.com\/learn\/software-composition-analysis\/software-composition-analysis-sca\/\"><span style=\"font-weight: 400;\">Software Composition Analysis (SCA) <\/span><\/a><span style=\"font-weight: 400;\">comes in. 
By identifying and managing the open-source libraries in use, and scanning them for vulnerabilities or malicious code, developers can rely on SCA to be confident that they are not opening the business up to risk.\u00a0<\/span><\/p>\n\n\n<section class=\"section-block-info light-theme\">\n    <div class=\"main-wrapper block-info__wrapper\">\n        <div class=\"block-info center\">\n\t\t\t\n\t\t\t<h2 class=\"section-title article-anchor\" id=\"article-anchor-4\">Mitigate Open-Source Risk<\/h2>\t\t\t<p class=\"section-description\">Identify, prioritize, and remediate open-source risk in your applications, including vulnerabilities, malicious code, and license risks.<\/p>\n\t\t\t<div class=\"actions\">\n\t\t\t\t        <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\" class=\"btn btn-2 btn-bg white demo\">Discover Checkmarx SCA<\/a>\n        \t\t\t\t        <a href=\"https:\/\/info.checkmarx.com\/ultimate-guide-software-compositon-analysis-ebook?_gl=1*12m4wr6*_gcl_au*ODE2MzM2MjkzLjE3MjQwNTAwNzc.*_ga*NjM3NTM2OTA1LjE3MTYyMTA1NTM.*_ga_TGCYJYTE53*MTcyNzY5NTMwMi4yOTkuMS4xNzI3Njk5MzQ4LjUwLjAuMA..\" class=\"btn btn-2 btn-bg border-2 demo\">Download Ultimate SCA Guide<\/a>\n        \t\t\t<\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">\n<span style=\"font-weight: 400;\">Differences Between Static <\/span><span style=\"font-weight: 400;\">Code Scanning Tools<\/span><span style=\"font-weight: 400;\"> and SCA<\/span>\n<\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Static code analysis tools<\/span><span style=\"font-weight: 400;\"> like SAST are not the same as software composition analysis. While they can both be run at various stages of the SDLC, the target is different. 
SAST focuses on source code, while SCA looks at open-source components and functions.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Both are necessary elements of an application security platform: SAST is used by developers as they write code to ensure immediate remediation where necessary, while SCA keeps track of open source components to make sure they are safe.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\"><span style=\"font-weight: 400;\">What Capabilities Do the Best SAST Tools and SCA Tools Have?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">We speak to a lot of customers who ask us <\/span><a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\"><span style=\"font-weight: 400;\">how to choose a SAST tool<\/span><\/a><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\"><span style=\"font-weight: 400;\">how to choose an SCA tool<\/span><\/a><span style=\"font-weight: 400;\">, recognizing that not all <\/span><span style=\"font-weight: 400;\">code scanning tools<\/span><span style=\"font-weight: 400;\"> or<\/span><span style=\"font-weight: 400;\"> static analysis tools<\/span><span style=\"font-weight: 400;\"> are created equal.&nbsp;&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">When it comes to SAST, here are seven capabilities that we hero at Checkmarx:&nbsp;<\/span><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<b>Scanning deep and wide: <\/b><span style=\"font-weight: 400;\">Not all scans have the same goals. In some cases, like for mission-critical applications, teams will need to uncover all vulnerabilities, high, medium and low severity. To do this, they will need a deep scan. 
In other cases, AppSec teams may want a wide view, looking at only the most critical vulnerabilities that need an immediate fix.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Multiple presets: <\/b><span style=\"font-weight: 400;\">To speed up time-to-value, AppSec teams will benefit from presets or rule-sets that come out of the box and ready to go. For example, there may be a preset scan for HIPAA compliance, or for the OWASP Top 10 API threats. The best SAST tools offer presets, alongside the ability to customize and build queries from scratch.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Application-centricity: <\/b><span style=\"font-weight: 400;\">Ultimately, you want the most accurate scan possible, which means you need a full view of the whole application, and how application flows interact and build connections between files and components. The best SAST tools will use data-flow analysis as well as symbolic execution to explore all possible paths.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Minimal false positives and negatives:<\/b><span style=\"font-weight: 400;\"> False positives and negatives are inevitable, but the more detailed and precise you can be about fine-tuning your source code scanning, the less of a problem false positives and false negatives will become. A customizable query language is one powerful tool that works towards this goal.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Scanning uncompiled code:<\/b><span style=\"font-weight: 400;\"> Take a step back and think about speed as not just the time it takes to scan the code, but the time it takes to get secure software ready to launch. 
SAST solutions that support incremental scans help you get there faster, as does scanning at the repository level, which reduces the time spent on rebuilds and overall scanning.<\/span>\n<\/li>\n\n\n\n<li>\n<b>Best-fix locations: <\/b><span style=\"font-weight: 400;\">By leading developers to the best location to fix a vulnerability, and often even several vulnerabilities at once, AppSec teams can reduce Mean-Time-To-Resolution (MTTR). To do this, your SAST tool needs to understand code at a deeper level, looking holistically to see the context of the actions the code performs application-wide.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Wide language and framework support: <\/b><span style=\"font-weight: 400;\">Every organization has its own needs, preferences and standards, and specific business use cases may demand a certain developer language or framework. That\u2019s why your SAST tool should cover the broadest set of languages and frameworks, so that a single application security tool can maximize efficiencies across the organization.&nbsp;<\/span>\n<\/li>\n<\/ol>\n\n\n\n<p><span style=\"font-weight: 400;\">When looking at SCA, a modern platform should provide the following six features as standard:&nbsp;<\/span><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<b>Comprehensive open-source library identification: <\/b><span style=\"font-weight: 400;\">Expect a detailed inventory of all open-source components in use, based on direct references from the application\u2019s source code, as well as references made by those referenced components themselves. Discovering dependencies of dependencies is known as transitive dependency scanning.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>Vulnerability and malware detection:<\/b><span style=\"font-weight: 400;\"> Threat actors are increasingly leveraging open-source libraries to launch attacks. By some estimates, one in eight open-source downloads poses a risk. 
SCA should identify open-source libraries containing known vulnerabilities, and also those containing malicious or suspicious code.&nbsp;<\/span>\n<\/li>\n\n\n\n<li>\n<b>SBOM generation and ingestion: <\/b><span style=\"font-weight: 400;\">Ensure your SCA can<\/span> <span style=\"font-weight: 400;\">generate, share, and ingest <\/span><a href=\"https:\/\/checkmarx.com\/learn\/supply-chain-security\/understanding-software-bill-of-materials-sbom\/\"><span style=\"font-weight: 400;\">software bill of materials (SBOM)<\/span><\/a><span style=\"font-weight: 400;\"> files in industry-standard formats, to more easily manage the open-source libraries in use, and also to help comply with relevant regulatory, policy, and licensing requirements.<\/span>\n<\/li>\n\n\n\n<li>\n<b>Licensing compliance:<\/b><span style=\"font-weight: 400;\"> The majority of open source code is governed by licenses. These dictate how the code can be used or reused, and if developers do not keep to these rules, they may be risking a compliance violation or copyright infringement. SCA should be able to detect any violations and flag them.<\/span>\n<\/li>\n\n\n\n<li>\n<b>Language support and integrations:<\/b><span style=\"font-weight: 400;\"> If your SCA tool is limited by its language support, you may be missing vulnerabilities simply because a developer is using a language that is not within scope. Similarly, wide integration with IDEs, development tools, CLI tools and CI\/CD platforms is critical to maximize flexibility and use.<\/span>\n<\/li>\n\n\n\n<li>\n<b>Guided risk management: <\/b>Reporting open-source risks is only step one. Developers and AppSec teams can move a lot faster if they receive prioritization of high-risk threats and actionable guidance regarding how to remediate discovered threats. 
Look for an SCA tool that identifies open-source threats with exploitable paths and prioritizes vulnerabilities based on risk, exposure and context.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">\n<span style=\"font-weight: 400;\">Trends In Application Security and <\/span><span style=\"font-weight: 400;\">Code Scanning Tools<\/span><span style=\"font-weight: 400;\"> In 2024<\/span>\n<\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">When you\u2019re looking for SCA and SAST tools, the best option is to move away from point solutions, and choose an <\/span><b>all-in-one application security platform<\/b><span style=\"font-weight: 400;\">, so that results can be correlated across the different AppSec tools you use. With siloed results, your AppSec teams will find it a lot harder to prioritize and understand which applications or processes are opening the business up to undue risk.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">You also want to make sure that your SAST and <a href=\"https:\/\/checkmarx.com\/learn\/sca\/types-of-sca-tools\/\">SCA tools<\/a> are <\/span><b>integrated into the rest of the developer environment<\/b><span style=\"font-weight: 400;\">, as any friction can cause developers to skip steps or lead to human error. To increase developer adoption, think about integration with Source Code Management (SCM) solutions, Integrated Development Environment (IDE) solutions, Continuous Integration and Continuous Deployment (CI\/CD) tools, and feedback platforms such as Jira or Azure DevOps.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Another important trend is <\/span><b>centering the role of the developer as a security hero,<\/b><span style=\"font-weight: 400;\"> who with the right tools can become a critical part of your <a href=\"https:\/\/checkmarx.com\/solutions\/devsecops\/\">DevSecOps<\/a> strategy. 
<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">While developers aren\u2019t typically security experts, an application security solution that helps them to learn on the go, while obtaining in-line remediation advice and the ability to edit code with their own tools helps them to get there a whole lot faster, and empowers them to fix vulnerabilities and improve their code without bottlenecks.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-8\"><span style=\"font-weight: 400;\">Checkmarx One &#8211; A Complete Application Security Solution<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Checkmarx One is a complete <\/span><a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\"><span style=\"font-weight: 400;\">application security platform<\/span><\/a><span style=\"font-weight: 400;\"> that includes SAST and SCA as part of a robust suite of application security tools.&nbsp;<\/span><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" width=\"300\" height=\"247\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/SCA-scan-CheckmarxSCA-300x247.jpg\" alt=\"Checkmarx SCA code scanning tool result screen\" class=\"wp-image-96881\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/SCA-scan-CheckmarxSCA-300x247.jpg 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/SCA-scan-CheckmarxSCA.jpg 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">As well as SAST and SCA, our unified AppSec platform includes Supply Chain Security, API Security, Dynamic Application Security Testing (DAST), security for Infrastructure as Code (IaC), container security, runtime security and more. 
With all your application security needs covered from a single platform, AppSec teams can simplify security, and correlate and prioritize results based on a holistic and comprehensive view.&nbsp;<\/span><\/p>\n\n\n\n<p><i><span style=\"font-weight: 400;\">Ready to adopt a single solution for application security, code to cloud? <\/span><\/i><a href=\"https:\/\/checkmarx.com\/request-a-demo\/\"><i><span style=\"font-weight: 400;\">Schedule a demo<\/span><\/i><\/a><i><span style=\"font-weight: 400;\"> with one of our application security experts.&nbsp;<\/span><\/i><\/p>","protected":false},"author":84,"featured_media":96907,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":true,"footnotes":""},"learn-cat":[848],"class_list":["post-96844","learn","type-learn","status-publish","has-post-thumbnail","hentry","learn-cat-sca"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Choose Code Scanning Tools as Part of Application Security<\/title>\n<meta name=\"description\" content=\"Wondering what code scanning tools to use? How to choose SAST or SCA tool for application security, this guide is a great place to start.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Choose Code Scanning Tools as Part of Application Security\" \/>\n<meta property=\"og:description\" content=\"Wondering what code scanning tools to use? 
How to choose SAST or SCA tool for application security, this guide is a great place to start.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-13T19:33:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\"},\"author\":{\"name\":\"Avi Hein\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\"},\"headline\":\"How to Choose Code Scanning Tools as Part of Application Security\",\"datePublished\":\"2024-07-31T13:04:51+00:00\",\"dateModified\":\"2026-04-13T19:33:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\"},\"wordCount\":1628,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\",\"url\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\",\"name\":\"How to Choose Code Scanning Tools as Part of Application 
Security\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg\",\"datePublished\":\"2024-07-31T13:04:51+00:00\",\"dateModified\":\"2026-04-13T19:33:05+00:00\",\"description\":\"Wondering what code scanning tools to use? How to choose SAST or SCA tool for application security, this guide is a great place to start.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg\",\"width\":1792,\"height\":1024,\"caption\":\"SCA Hero image\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\",\"name\":\"Avi Hein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"caption\":\"Avi Hein\"},\"url\":\"https:\/\/checkmarx.com\/author\/avihein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Choose Code Scanning Tools as Part of Application Security","description":"Wondering what code scanning tools to use? 
How to choose SAST or SCA tool for application security, this guide is a great place to start.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/","og_locale":"en_US","og_type":"article","og_title":"How to Choose Code Scanning Tools as Part of Application Security","og_description":"Wondering what code scanning tools to use? How to choose SAST or SCA tool for application security, this guide is a great place to start.","og_url":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-04-13T19:33:05+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/"},"author":{"name":"Avi Hein","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79"},"headline":"How to Choose Code Scanning Tools as Part of Application Security","datePublished":"2024-07-31T13:04:51+00:00","dateModified":"2026-04-13T19:33:05+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/"},"wordCount":1628,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/","url":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/","name":"How to Choose Code Scanning Tools as Part of Application 
Security","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg","datePublished":"2024-07-31T13:04:51+00:00","dateModified":"2026-04-13T19:33:05+00:00","description":"Wondering what code scanning tools to use? How to choose SAST or SCA tool for application security, this guide is a great place to start.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/learn\/sca\/how-to-choose-code-scanning-tools-as-part-of-application-security\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/07\/How-to-Choose-Code-Scanning-Tools-as-Part-of-Application-Security.jpg","width":1792,"height":1024,"caption":"SCA Hero image"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79","name":"Avi Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","caption":"Avi 
Hein"},"url":"https:\/\/checkmarx.com\/author\/avihein\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/96844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/learn"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/84"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/96844\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/96907"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=96844"}],"wp:term":[{"taxonomy":"learn-cat","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn-cat?post=96844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}