Partner Program

Building #DevSecTrust with JetBrains and Checkmarx
https://checkmarx.com/blog/building-devsectrust-with-jetbrains-and-checkmarx/
Mon, 22 Apr 2024 11:00:00 +0000

In the world of application development, success relies on developers being able to use their preferred tools to deliver innovative, secure products. Getting the developer experience right is a mission that unites Checkmarx and JetBrains, a global software vendor that creates professional software development tools and advanced collaboration solutions. See this in action by watching our latest joint webinar.

We are pleased to announce that we are building on our long-standing partnership and earlier integrations with JetBrains’ flagship, IntelliJ IDEA. This will deliver the full power of the Checkmarx One™ Application Security Platform into key JetBrains tools. Individual developers and teams will be able to boost their security performance while continuing to deliver applications at speed.

Partnering for Secure Code Productivity 

In 2022, Checkmarx and JetBrains first partnered by bringing Checkmarx SCA capabilities natively into IntelliJ IDEA Ultimate through the Package Checker. Using the pre-installed Package Checker plugin, five million developers can use IntelliJ IDEA to initiate Checkmarx SCA scans directly from their development environment. This can be done for free, without the need to become a Checkmarx customer, with detailed results showing OSS vulnerabilities as soon as the scan is complete. Frictionless integration with modern application development workflows makes it easier to secure applications before they are compiled, instead of waiting for deployment to identify vulnerabilities.

Building on this initial launch, the Checkmarx SCA plugin is also available for a wide range of JetBrains developer tools including WebStorm, PyCharm, Rider, ReSharper, Qodana, and GoLand.

Building #DevSecTrust 

The next phase of our partnership with JetBrains is now live. Checkmarx customers can now bring the full functionality of the Checkmarx One 3.0 application security platform, including SAST, SCA, and IaC security, to IntelliJ IDEA through the Checkmarx One JetBrains Plugin.  

We know that making security tools available to developers doesn’t automatically lead to more secure code. Fast, secure application development is the goal, but this is hard to achieve if security tools are unintuitive and cause friction in developer workflows. To help developers, Checkmarx One doesn’t just provide detailed information on each vulnerability discovered, including remediation recommendations and examples. We also enable the developer to navigate with one click from the identified vulnerability directly to the best fix location in the source code, so no time is wasted.

Focusing on exploitable vulnerabilities is also critical to effective and efficient remediation. That’s why the newest releases of JetBrains’ IntelliJ IDEA, WebStorm, PyCharm, Rider, and ReSharper tools include Checkmarx’s Exploitable Path capabilities for Java, JavaScript, C#, and Python languages. This capability gives developers the ability to see whether there’s a path from the project code into the vulnerable package code through which the vulnerable packages could be exploited. Developer teams can focus on the remediation of actively exploitable vulnerabilities first so their time is spent on the most critical areas. 

Our #DevSecTrust approach can also be seen in reducing the number of irrelevant alerts. Checkmarx starts work before it is integrated into the IDE. It can be finely tuned by AppSec teams to ensure the accuracy of scans and effective prioritization of findings. Noise is reduced before it enters the workflow, so developers can be confident that the vulnerabilities they are being alerted to are genuine and they know what needs to be prioritized for fixing. This ultimately helps CISOs drive strategic initiatives to uplevel application security posture. 

Collaborative Development with Security in Mind

Checkmarx One 3.0 can also be integrated into TeamCity, a powerful CI/CD tool for DevOps teams of any scale, developed by JetBrains. This means organizations can normalize the inclusion of security scanning in team application development projects.

The Checkmarx One TeamCity plugin enables users to trigger SAST, SCA, IaC Security, and API Security scans directly from a TeamCity project. It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from a source code repository and uploads it to Checkmarx One for scanning. This plugin provides easy integration with TeamCity while enabling scan customization using the full functionality and flexibility of the Command Line Interface (CLI) tool.

Key features of the TeamCity plugin include:

  • Automatically triggering CxSAST, CxSCA, IaC Security, and API Security scans from TeamCity projects.
  • Use of CLI arguments to customize scan configuration.
  • Automatic updates to the latest plugin version.
  • Interface for viewing scan results summary and trends in the TeamCity environment.
  • Direct links from within TeamCity to detailed Checkmarx One scan results and reports.
  • Generating SBOM reports.

This helps teams enhance software security, governance, and reporting.

A Powerful Partnership

JetBrains and Checkmarx are recognized leaders in their fields, and this long-term partnership unites us in delivering a game-changing developer experience, raising the profile of AppSec without compromising productivity or workflows. This empowers CISOs to elevate code security and deliver more secure apps, faster.

Getting Started

It couldn’t be easier to get started with Checkmarx in JetBrains tools. Our dependency checker plugin is already a native part of all JetBrains IDEs, so developers can access advanced SCA right now.

The Checkmarx One 3.0 plugin can be easily installed by Checkmarx customers into the IntelliJ IDEA development environment from the Checkmarx marketplace. It is also available as an on-premises solution. Similarly, the TeamCity plugin can be installed for customers with a Checkmarx account and is also available on-premises if required.

For more information, contact the Checkmarx Team or watch our latest joint webinar today.

Automating vulnerability remediation with Checkmarx One and Mobb.ai
https://checkmarx.com/blog/automating-vulnerability-remediation-with-checkmarx-one-and-mobb-ai/
Thu, 02 Nov 2023 11:00:00 +0000

Secure code is critical for businesses that are focused on developing innovative and sophisticated applications. Alignment and trust between CISOs, AppSec professionals and developers is paramount in order to identify and address those highly critical vulnerabilities that could impact an enterprise. Being able to prioritize for the greatest business impact, integrate directly into developers’ workflows, and equip your teams with the tools needed to secure applications from the first line of code are no longer “nice to haves”; they are “need to haves”. For enterprises, this can be even more challenging due to volume and scale: large development teams, billions of lines of code, hundreds of applications to release, and competing priorities.

Uniting our expertise, Checkmarx and Mobb partnered more than a year ago, and our collaboration benefits developers, AppSec managers, and CISOs alike as we work to build #DevSecTrust and power the transition to DevSecOps. 

Checkmarx customers can now deploy Mobb’s auto-remediation solution for vulnerabilities identified during scans with CxSAST (on-prem solution) and the Checkmarx One platform. This partnership significantly reduces the time and cost involved in remediating vulnerabilities and bridges the gap between developers and security in two key ways:

  1. Checkmarx’s industry-leading SAST solution is highly tuned for accuracy and prioritizes findings to minimize the noise that enters the developer workflow in the first place. Developers trust that the alerts represent genuinely material, exploitable problems and they know what to fix first.
  2. Mobb’s AI engine provides auto-remediation of the vulnerabilities identified by Checkmarx in just a few clicks – there’s no need for developers to review scan reports and search for fixes and fix locations. This means they can focus on innovation.

Auto-remediation can be easily integrated into the CI/CD pipeline or triggered as part of manual scans, guiding developers to fix vulnerabilities quickly and seamlessly.

How it works: AI-powered auto-remediation for code vulnerabilities

Mobb’s auto-remediation solution is provided by its AI engine and heuristics based on known best practices for the most common vulnerability types and the most common programming languages.

For example, a workflow can start when the developer commits their code changes to GitHub. A Checkmarx SAST scan is initiated as part of the CI/CD workflow. Once the scan is complete, Mobb analyzes the findings and identifies all instances of supported issues. It extracts all the information it needs to fix each finding automatically and then analyzes the vulnerabilities and the developer’s source code for essential contextual information on how the error was created. Mobb then matches its pre-prepared fix algorithms to each context and the algorithm builds the correct fix. The vulnerability and proposed fix are flagged to the developer, showing the fix side-by-side with the vulnerable code. Once the developer approves the fix, it is made automatically. Once the fixed code branch is merged with the main code, the Checkmarx scan can be re-run to verify that the fix is implemented. Watch how simple the process is here.

For the developer experience, this is game-changing. Instead of having to read and analyze a vulnerability report with details about the vulnerabilities and suggestions on how to fix them, they get an instant fix provided; a pull request is ready, and they just need to merge the fixed code and move on. The reduction in friction combined with trust in the accuracy of Checkmarx scans means they can incorporate security more easily into their workflow, so productivity stays high.

CISO, AppSec team, and business benefits

From a CISO perspective, auto-remediation offers a force multiplier in the reduction of vulnerability backlogs by allowing developers to easily address them earlier in the development process. AppSec teams can streamline policies and processes and get code into production faster, without compromising on security.

Across the board, Checkmarx and Mobb save the business money by identifying only material and exploitable vulnerabilities while providing the fastest way to a recommended fix. This dramatically reduces the amount of time developers need to manage security responsibilities.

Checkmarx is committed to pushing the boundaries of the developer experience and this solution builds on Checkmarx’s existing auto-remediation solutions for SCA and IaC vulnerabilities. Together these help developers and AppSec teams deliver secure software fast.

Powerful partnerships drive secure software excellence

The Checkmarx partnership ecosystem is designed to bring Checkmarx customers the most advanced solutions to complement its industry-leading AppSec platform and help them secure the code base without compromising on productivity. 

Mobb is already making an impact in the market and won the Startup Spotlight competition at Black Hat USA in August 2023. Mobb’s deep understanding of the challenges of implementing DevSecOps makes it an ideal Checkmarx partner and we are looking forward to building further on our solutions together.

Getting started

Checkmarx customers can leverage Mobb’s auto-remediation solution by talking with their account team. 

For more information get in touch with your Checkmarx account rep or contact us today.

Announcing the Checkmarx Tech Partnership Program
https://checkmarx.com/blog/checkmarx-tech-partnership-program/
Wed, 18 Oct 2023 11:00:00 +0000

We’re thrilled to announce the Checkmarx Tech Partnership Program, seamlessly integrating even more best-in-breed partner capabilities with Checkmarx One, the industry-leading AI-Powered enterprise AppSec platform.

With Checkmarx One, you can easily extend the platform with a wide range of Tech Partner capabilities in the areas of SDLC tooling, Runtime & Cloud Security, Vulnerability Management, and Emerging Tech.

If you’re looking to build a unified AppSec posture or extract more value from your existing AppSec solutions to drive better security outcomes, we have partner solutions that deliver. 

The Need for a Single, Unified Platform

Modern application security is complex. From the initial stages of development to deployment and maintenance, every phase of the SDLC presents its unique challenges. Security tools often sprawl across these stages, and without proper integration, the consequences are clear, and unfortunately, far too common: inefficiencies, incomplete coverage, missed vulnerabilities, slowed development cycles, and increased risk.   

Enterprises require a platform designed to enable CISOs, AppSec, and development leaders to prioritize their teams’ focus on what impacts their business, because it’s no longer just about shifting left or right — it’s about shifting everywhere. And shifting everywhere requires integrating and automating security within, and beyond, your development pipeline.

Existing Partnerships and Integrations

The Checkmarx Tech Partnership Program was inspired by customer feedback about the importance of integrations across the entire SDLC, from development to deployment and reporting. We have always been at the forefront of offering meaningful integrations into CI/CD, IDE, SCM, ticketing, vulnerability management, and runtime tools. 

Checkmarx customers already know that Checkmarx has numerous integrations with industry leaders like JetBrains, Jira, GitLab and countless others.

With the program’s launch, we’re amplifying our commitment by bringing in more partners, including companies like AWS, ServiceNow, and Sysdig.

More Value for Checkmarx Customers

Confidence in integration quality. We’ve all been there – trying to use “integrations” that are smoke and mirrors that don’t have the true back-and-forth, full capability set that the independent, disjointed solution provides. And, in MVP-level integrations, it is often not clear who to contact, for example, if an integration isn’t working as it should. 

With the Checkmarx Tech Partnership Program, customers can trust that tools will work together seamlessly. Plus, we will be your primary contact when you have questions or need support. With integrations through our tech partnership program, you can be assured of the integration quality, backed up with support and a single point of contact for all integration-related queries.

Drive better security outcomes. Many of our partner integrations help customers aggregate and see all vulnerabilities in one place, manage with one process, or connect the dots.

When AppSec teams can identify and prioritize vulnerabilities faster, developers can focus on the vulnerabilities that really matter, in the tools they already use, and AppSec leaders can extract analytics that deliver meaningful insight across various toolsets. 

For example, through the recent integration with Sysdig, Checkmarx users can now leverage runtime container insights to prioritize vulnerabilities associated with container packages that are actually running and that pose the most risk, reducing vulnerability noise by up to 95%.    

Want to Partner with Us?

We’re always looking to add new Tech Partner Program members to bring new and exciting functionality to our customers. 

Checkmarx Partners work collaboratively with our team to ensure full, seamless integration with the Checkmarx One platform, ensuring the solution is easily accessible to our more than 1,800 customers, including 60% of the Fortune 100.

Potential partners can learn more about the program and benefits and contact us today to start the conversation. 

Shift everywhere with the most extensible code-to-cloud AppSec ecosystem

The Checkmarx Tech Partnership Program was built to help you shift everywhere to identify risk throughout your Software Development Life Cycle (SDLC) and manage AppSec risk across your entire application footprint. As a result, organizations leveraging the Checkmarx Tech Partnership Program ultimately create efficiencies in their remediation processes and build trust between Security and Development teams along the way.

To learn more about Checkmarx Tech Partnership Program members and integrations, check out the brand-new directory that puts the spotlight on featured partners. 

We’re so excited to launch the program today, but we’re only getting started. Stay tuned for more exciting partner announcements coming soon!  
