Mendix Quality and Security Management | powered by Sigrid - SIG

Mendix Quality and Security Management (QSM) | powered by Sigrid

Develop business-ready applications in total confidence. Mendix QSM performs a static analysis of Mendix application models according to the ISO 25010 standard for maintainability.

Keep software development velocity high.
Focus your resources on your business development

The Mendix platform for application development unlocks the potential of citizen developers, allowing companies to bring brand-new innovations to market faster.
However, citizen developers aren’t trained developers with knowledge of clean, secure coding guidelines.

How do you keep control of what’s being developed without slowing down the speed of development?

Transparency and visibility across all enterprise applications

Mendix Quality & Security Management (QSM) | powered by Sigrid is an integration with the Mendix low-code development environment. QSM is based on Sigrid®, the leading software assurance platform for top-notch build quality and security monitoring of your Mendix applications. It includes a Mendix-approved ruleset for detecting common Mendix security misconfigurations and best-practice violations.

Mendix QSM offers you:

  • Fast, clean, and secure (citizen) software development
  • Improved time to market
  • A governance structure to manage software build quality and security
  • Efficient support of your business performance
  • Guaranteed fully effective applications for your developers, now and throughout their use

Benefits and Capabilities

1. Complete overview of the application landscape: know where to focus your attention

With Mendix QSM, you’re able to see the quality rating of, and get continuous security insights into, every application in your portfolio.

2. Benchmark against the world’s largest database to measure your build quality performance

Mendix QSM measures key aspects of maintainability and benchmarks your application against the SIG database to deliver a score of 1-5 stars, giving you immediate insight into how your software stacks up against the market.

3. Continuous security insights to immediately address security risks

One single version of the truth presents a clear overview of the risks and vulnerabilities across the breadth and depth of your organization, ranks them for compliance, and recommends risk mitigation.

4. Analyzing security weaknesses with Semgrep

Mendix QSM leverages Semgrep, a fast, open-source static analysis tool for enforcing coding standards, to analyze security weaknesses in Mendix models.

5. 300+ technologies supported for complete in-depth analysis

Mendix QSM is powered by Sigrid®, the most comprehensive code quality and security tool available. It supports over 300 technologies, from COBOL and PL/SQL via Java and .NET to Mendix, and much more.

6. Mendix QSM integrated with your build pipeline (using Sigrid CI)

Mendix QSM can be integrated with Azure DevOps or other Git libraries to support your DevSecOps practices for Mendix development and to give immediate feedback on any code submissions created by your development teams.

Further reading

Mendix and Software Improvement Group Launch a New Software Application Quality and Security Scanning Solution

Mendix Application Quality and Security Management