Develop business-ready applications in total confidence. Mendix QSM performs a static analysis of Mendix application models according the ISO 25010 standard for maintainability.
The Mendix platform for applications development unlocks a new potential of citizen developers allowing companies to improve time to market with brand-new innovations faster.
However, citizen developers aren’t trained developers with the knowledge of clean, secure code guidelines.
How to keep control on what’s being developed without slowing down the speed of development?
Mendix Quality & Security Management (QSM) | powered by Sigrid is an integration of the Mendix low-code development environment. QSM is based on Sigrid®, the leading software assurance platform for top-notch build quality and security monitoring of your Mendix applications and includes a Mendix approved ruleset for detecting common Mendix security misconfigurations and best practice violations.
With Mendix QSM, you’re able to see the quality rating and get continuous security insights of every application in your portfolio.
Mendix QSM measures key aspects of maintainability, and benchmarks your application against the SIG database to deliver a score of 1-5 stars giving you immediate insight into how your software stacks up against the market.
One single version of the truth presents a clear overview of the risks and vulnerabilities across the breadth and depth of your organization, ranks for compliance, and recommends for risks mitigation.
Mendix QSM leverages Semgrep to analyze security weaknesses in Mendix Models - a fast, open-source static analysis tool for enforcing coding standards.
Mendix QSM is powered by Sigrid®, the most comprehensive code quality and security tool available. Supporting over 300 technologies, from Cobol and PL/SQL via Java and .NET to Mendix, and much more.
Mendix QSM can be integrated with Azure DevOps, or other GIT-libraries to support your DevSecOps practises for Mendix development, and for immediate feedback on any code submissions created by your development teams.
Notifications