Code Dx Enterprise is an automated application vulnerability management tool that makes all of your testing tools work together to provide one set of correlated results, then helps you prioritize and manage vulnerabilities—integrating with your application lifecycle management tools so your security and development teams work together for faster remediation.

To make things faster and simpler, we partnered with cybersecurity visualization experts, who studied the way real analysts, developers, and AppSec pros look at application security risk. We took the time to figure out what they actually needed to see. Then we carefully devised a full set of powerful, interactive visualizations of the metrics you need to see most. We put all of these visualizations in one place, so your development and security teams have all of your AppSec testing information right at their fingertips.

Stop wasting valuable time managing your tools, and focus on fixing the problems they find.

Code Dx Risk Score:

The Code Dx Risk Score provides a letter grade to indicate the overall “quality” of the project. The letter grade is derived from a percentage score, which in turn is based on the number of vulnerability findings in custom code and third-party components. Those scores are displayed both as percentages and as a fill bar below them, beside the letter grade. Note that only critical, high, and medium severity findings are counted against the Code Dx Risk Score.

Next to the letter grade, the specific percentage score is displayed alongside a spark-line that shows the general trend of the project’s Code Dx Risk Score over the past week.

Open Findings:

The Open Findings section shows the overall “triage status” of the project.

A waffle chart is used as a severity-age breakdown of the untriaged findings in the project. Different colors indicate different severities, as indicated by the legend. The number of dots of each color indicates the rounded percentage of findings in the project of that specific severity. Transparency is used to indicate the relative age of the findings: a more transparent dot indicates relatively new findings of that severity, and a darker dot indicates relatively old findings of that severity.

You can click on the severity labels in the waffle chart’s legend to focus on that severity, fading the other severities from view. Clicking again on the same label will reset that focus, returning the visualization to its normal state. Hovering will temporarily focus on that severity as well.

Below the waffle chart is a fill-bar indicating the percentage of triaged findings (i.e. set to Fixed, False Positive, etc.), out of the total number of findings in the project, excluding findings that are marked “Gone.”

Findings Count Trend:

The Findings Count Trend shows a breakdown of findings by “detection method” over time.

The Findings Count Trend visualization uses a stacked area chart, with “date” as the X axis, and total finding count as the Y axis. By default, an area for each detection method is shown, so that the stacked areas’ total height indicates the total number of findings at a given date. You can click and hover on the area chart to focus on different dates or detection methods.

Code Metrics:

The Code Metrics section displays a set of metrics for the project’s codebase, broken down by language.

On the left of the section, a legend shows:

  • An “Overall” group, which represents the entire codebase. This is the sum of the metrics for each language.
  • The top 5 languages (by ratio of lines of code in the respective language to all lines of code).
  • An “Other” group, which contains the summation of any other languages after the top 5.

Meteonic is a partner of Code Dx in India, promoting its static code analysis solution.