Announcing the Checkmarx Tech Partnership Program
https://checkmarx.com/blog/checkmarx-tech-partnership-program/
Wed, 18 Oct 2023 11:00:00 +0000

We’re thrilled to announce the Checkmarx Tech Partnership Program, seamlessly integrating even more best-in-breed partner capabilities with Checkmarx One, the industry-leading AI-Powered enterprise AppSec platform.

With Checkmarx One, you can easily extend the platform with a wide range of Tech Partner capabilities in the areas of SDLC tooling, Runtime & Cloud Security, Vulnerability Management, and Emerging Tech.

If you’re looking to build a unified AppSec posture or extract more value from your existing AppSec solutions to drive better security outcomes, we have partner solutions that deliver. 

The Need for a Single, Unified Platform

Modern application security is complex. From the initial stages of development to deployment and maintenance, every phase of the SDLC presents its unique challenges. Security tools often sprawl across these stages, and without proper integration, the consequences are clear, and unfortunately, far too common: inefficiencies, incomplete coverage, missed vulnerabilities, slowed development cycles, and increased risk.   

Enterprises require a platform designed to enable CISOs, AppSec, and development leaders to prioritize their teams’ focus on what impacts their business, because it’s no longer just about shifting left or right — it’s about shifting everywhere. And shifting everywhere requires integrating and automating security within, and beyond, your development pipeline.

Existing Partnerships and Integrations

The Checkmarx Tech Partnership Program was inspired by customer feedback about the importance of integrations across the entire SDLC, from development to deployment and reporting. We have always been at the forefront of offering meaningful integrations into CI/CD, IDE, SCM, ticketing, vulnerability management, and runtime tools. 

Checkmarx customers already know that Checkmarx has numerous integrations with industry leaders like JetBrains, Jira, GitLab and countless others.

With the program’s launch, we’re amplifying our commitment by bringing in more partners, including companies like AWS, ServiceNow, and Sysdig.

More Value for Checkmarx Customers

Confidence in integration quality. We’ve all been there – trying to use “integrations” that are smoke and mirrors, without the true back-and-forth, full capability set that the independent, disjointed solution provides. And with MVP-level integrations, it is often not clear whom to contact when, for example, an integration isn’t working as it should.

With the Checkmarx Tech Partnership Program, customers can trust that tools will work together seamlessly. Plus, we will be your primary contact when you have questions or need support. With integrations through our tech partnership program, you can be assured of the integration quality, backed up with support and a single point of contact for all integration-related queries.

Drive better security outcomes. Many of our partner integrations help customers aggregate and see all vulnerabilities in one place, manage with one process, or connect the dots.

When AppSec teams can identify and prioritize vulnerabilities faster, developers can focus on the vulnerabilities that really matter, in the tools they already use, and AppSec leaders can extract analytics that deliver meaningful insight across various toolsets. 

For example, through the recent integration with Sysdig, Checkmarx users can now leverage runtime container insights to prioritize vulnerabilities associated with container packages that are actually running and that pose the most risk, reducing vulnerability noise by up to 95%.    

Want to Partner with Us?

We’re always looking to add new Tech Partner Program members to bring new and exciting functionality to our customers. 

Checkmarx Partners work collaboratively with our team to ensure full, seamless integration with the Checkmarx One platform, making the solution easily accessible to our 1,800+ customers, including 60% of the Fortune 100.

Potential partners can learn more about the program and benefits and contact us today to start the conversation. 

Shift everywhere with the most extensible code-to-cloud AppSec ecosystem

The Checkmarx Tech Partnership Program was built to help you shift everywhere to identify risk throughout your Software Development Life Cycle (SDLC) and manage AppSec risk across your entire application footprint. As a result, organizations leveraging the Checkmarx Tech Partnership Program ultimately create efficiencies in their remediation processes and build trust between Security and Development teams along the way.

To learn more about Checkmarx Tech Partnership Program members and integrations, check out the brand-new directory that puts the spotlight on featured partners. 

We’re so excited to launch the program today, but we’re only getting started. Stay tuned for more exciting partner announcements coming soon!  

What’s New in Checkmarx One 3.0
https://checkmarx.com/blog/whats-new-in-checkmarx-one-3-0/
Wed, 11 Oct 2023 11:00:00 +0000

Today, we announced our Checkmarx One 3.0 release. With 1,200+ of our current customers, (hopefully) future customers, and favorite partners joining our platform launch event, we’re both excited and humbled. Excited for the chance to share everything that we’ve been up to, as well as our vision for the future, and humbled that we’ve managed to hit such a nerve with so many of you.

Because what do you look for in an AppSec platform? Gartner published its latest Hype Cycle for Application Security, 2023 in July. What’s always fascinating with the Hype Cycle is the juxtaposition of market interest and customer adoption. For example, Application Security Posture Management (ASPM) is currently at the very Peak of Inflated Expectations. Everybody is talking about it. Vendors are positioning themselves. Customers are trying to understand what ASPM can do for them, because Gartner says it’s going to have a transformational business impact…in two to five years.

This challenges us to think about and evaluate AppSec platforms in a different way. Every enterprise has a technology roadmap of when they plan to purchase and deploy different technologies over the next five years, and AppSec is no different. Our customers typically start with SAST. Then, they move to SCA. Then, they move to API security, supply chain security, or Infrastructure as Code security. The purpose of a platform is to make it easier to integrate all these different solutions into your technology stack. But that means you’re also making a bet. Because it’s not just about which platform best meets your needs today, but also going forward. You’re making a bet that the platform you choose today will continue to meet your technology needs in the future when you’re actually ready to adopt.

That’s why the Checkmarx One 3.0 release is so exciting. There are always new features and capabilities. Now we can start talking about how those new features and capabilities connect us from where we started when we launched Checkmarx One almost exactly two years ago, to where we’re going, and how we’re building the AppSec platform of tomorrow. 

AI-Powered Application Security

You don’t need me to tell you that AI is popping up everywhere. At Checkmarx, we’re focused on tackling the three grand challenges that AI brings to AppSec:

  • AI is disrupting the developer workflow. In Stack Overflow’s 2023 Developer Survey, 72% of developers believe their workflow for writing code will be very or somewhat different just one year from now, because of AI tools. For AppSec teams, the question is how to keep up with and adapt to that change.
  • AI will introduce new threats. Change in application architecture or software development always has the potential to introduce new attack vectors. We’ve already seen examples of AI hallucination attacks, but these are just the beginning as developers increasingly embrace new ways to build applications.
  • AI can democratize AppSec. AppSec has always been a challenge, with not enough resources or expertise. Today, responsibility is increasingly shifting to developers, which will exacerbate the problem. However, embracing AI in AppSec can enable and better support developers to build increasingly secure applications.

We’re building the AI-powered enterprise AppSec platform. With version 3.0, you’ll see new innovations across all our solutions and technologies that both leverage AI and help you better respond to the coming AI tsunami in your own organizations.

Seamless Developer Experience

Checkmarx One 3.0 includes many improvements to our overall developer experience, and also introduces a new way to approach it. When most vendors approach developer experience, they typically start with integrating AppSec into the developer workflow. At Checkmarx, we start even earlier with the accuracy of our solutions and the prioritization of our findings, because that reduces the noise that enters the developer workflow in the first place.

We’re especially excited about the new AI Query Builder. AppSec practitioners know that application security is hard. No AppSec solutions are 100% accurate out of the box. Every application is different, and every solution needs to be tailored to each application to minimize false positives and negatives. Checkmarx SAST has always provided 40+ presets to start tuning out of the box, as well as a custom query builder to further refine it. Now, AI Query Builder gives every customer the ability to tune their SAST, even if they have limited AppSec expertise.

Expanded Supply Chain Security

Checkmarx has always led the way in Software Supply Chain Security (SSCS). We were the first Software Composition Analysis (SCA) vendor to introduce malicious package detection. Checkmarx Labs inspects over 7.6 million open source packages for all kinds of threats as part of our open source security initiatives, and we’ve identified over 200k malicious packages to date.

For most of our customers, malicious package detection is an easy first step into SSCS because it takes advantage of their existing SCA product to manage malicious packages – in the same way they manage vulnerable packages today. As part of Checkmarx One 3.0, we’re excited to expand our vision, and portfolio, with secrets detection, project scorecard, and AI code generation to help our customers protect more and more of their software supply chain.

End-to-End API Security

Last August, Checkmarx introduced API Security as the industry’s only true shift-left API security solution. We started with the capabilities needed to discover and inventory APIs in source code, which was (and still is) a unique approach to combatting the problem of shadow or undocumented APIs. In April, we introduced Checkmarx DAST, which provided an opportunity to expand on what we launched and build an end-to-end API Security solution. 

Like a Web Application Firewall (WAF) or API gateway, most DAST solutions require you to tell them where your APIs are, typically with some form of API documentation like a Swagger file, before they can test your APIs. This means that they can’t help with shadow or undocumented APIs. By integrating API Security and DAST together, Checkmarx One 3.0 now can discover every API in your source code, including shadow or undocumented APIs, and test them in live applications with DAST, allowing your enterprise to shift everywhere.

Get the Most Out of AppSec Consolidation

We’ve been talking about consolidation for as long as there have been point solutions. Many of you have security technology stacks with hundreds of different tools, which presents a challenge for operational management, vendor management, and costs.

At Checkmarx, our vision is to be your enterprise AppSec platform and help you bring all your AppSec solutions under one roof, behind a single pane of glass, and with an additional correlation and prioritization layer to enable your teams to actually reduce risk. With Checkmarx One 3.0, we’re building on our launch of Fusion last year, Application Risk Management this past June, and our recent Sysdig integration announcement to show you how this comes together in an extensible AppSec platform that helps you shift everywhere from pre-production to production.

Learn More

We’re excited to introduce these new capabilities as part of our Checkmarx One 3.0 launch. There’s just so much here that everything above feels like only the introduction. We’re just starting to unpack everything that’s in this release and what it can mean for you. To learn more about these capabilities, join us in our platform launch event today (or watch the recording after) or our deep-dive webinars into each of the topics above at the end of October. For Checkmarx customers, please reach out to your account team to learn more about these (and more).


[1] Source: Gartner, Hype Cycle for Application Security, 2023, Dionisio Zumerle, 24 July 2023
