Checkmarx One bundles SAST, SCA, IaC, container, and supply-chain scanning. dpndncY ships the same surfaces — SCA across 17 ecosystems, SAST with AST taint tracking across 13+ languages, IaC, container, secrets — and adds pre-install enforcement, the eBPF Runtime Agent, and DSSE-signed evidence on every decision.
Same scan surface. Plus enforcement and signed evidence.
Self-hosted, signed-evidence-first AppSec platform. Multi-signal exploitability fusion shared across firewall, SCA, SAST, container, IaC. Standalone offline verifier binary ships in the box.
Enterprise SAST suite, expanded to multi-surface AppSec.
Mature SAST roots, multi-language coverage, cloud-hosted by default. SCA + supply-chain modules added on top. Decisions and evidence live in the Checkmarx One portal.
Same set of capabilities. Different stack.
| Capability | dpndncY | Checkmarx |
|---|---|---|
| Self-hosted / air-gapped by default | | |
| Pre-install enforcement (Dependency Firewall) | | |
| eBPF Runtime Agent on CI runners | | |
| Trust-delta gating + signed bypass audit | | |
| Signed evidence per decision (DSSE / in-toto) | | |
| Offline verifier binary | | |
| SAST with AST taint tracking (JS/TS + Python) | | |
| SCA across 17 ecosystems | | |
| Container image scanning (OCI) | | |
| IaC (Terraform / CFN / K8s) | | |
| Secrets detection (high-precision + entropy) | | |
| Attack-path graph | | |
| AI risk attribution | | |
| Auto-fix PRs with breaking-change analysis | | |
Read every decision. Verify it offline.
dpndncY is self-hosted. No portal you have to log into to defend a decision three years from now.