Automating vulnerability remediation with Checkmarx One and

Secure code is critical for businesses focused on developing innovative and sophisticated applications. Alignment and trust between CISOs, AppSec professionals and developers is paramount in order to identify and address the highly critical vulnerabilities that could impact an enterprise. Being able to prioritize for the greatest business impact, integrate directly into developers’ workflows, and equip your teams with the tools needed to secure applications from the first line of code are no longer “nice to haves”; they are “need to haves”. For enterprises, this can be even more challenging because of volume and scale: large development teams, billions of lines of code, hundreds of applications to release, and competing priorities.

Uniting our expertise, Checkmarx and Mobb partnered more than a year ago, and our collaboration benefits developers, AppSec managers, and CISOs alike as we work to build #DevSecTrust and power the transition to DevSecOps. 

Checkmarx customers can now deploy Mobb’s auto-remediation solution for vulnerabilities identified during scans with CxSAST (on-prem solution) and the Checkmarx One platform. This partnership significantly reduces the time and cost involved in remediating vulnerabilities and bridges the gap between developers and security in two key ways:

  1. Checkmarx’ industry-leading SAST solution is highly tuned for accuracy and prioritizes findings to minimize the noise that enters the developer workflow in the first place. Developers trust that the alerts represent genuinely material, exploitable problems, and they know what to fix first.
  2. Mobb’s AI engine provides auto-remediation of the vulnerabilities identified by Checkmarx in just a few clicks – there’s no need for developers to review scan reports and search for fixes and fix locations. This means they can focus on innovation.

Auto-remediation can be easily integrated into the CI/CD pipeline or triggered as part of manual scans, guiding developers to fix vulnerabilities quickly and seamlessly.

How it works: AI-powered auto-remediation for code vulnerabilities

Mobb’s auto-remediation solution is provided by its AI engine and heuristics based on known best practices for the most common vulnerability types and the most common programming languages.

For example, a workflow can start when the developer commits their code changes to GitHub. A Checkmarx SAST scan is initiated as part of the CI/CD workflow. Once the scan is complete, Mobb analyzes the findings and identifies all instances of supported issues. It extracts all the information it needs to fix each finding automatically, then analyzes the vulnerabilities and the developer’s source code for the contextual information it needs about how the error was introduced. Mobb then matches its pre-prepared fix algorithms to each context, and the matching algorithm builds the correct fix. The vulnerability and the proposed fix are flagged to the developer, with the fix shown side-by-side with the vulnerable code. Once the developer approves the fix, it is applied automatically. Once the fixed code branch is merged with the main code, the Checkmarx scan can be re-run to verify that the fix is in place. Watch how simple the process is here.

For the developer experience, this is game-changing. Instead of having to read and analyze a vulnerability report that details the vulnerabilities and suggests how to fix them, developers get an instant fix: a pull request is ready, and they just need to merge the fixed code and move on. The reduction in friction, combined with trust in the accuracy of Checkmarx scans, means they can incorporate security more easily into their workflow, so productivity stays high.

CISO, AppSec team, and business benefits

From a CISO perspective, auto-remediation is a force multiplier for reducing vulnerability backlogs, because developers can easily address vulnerabilities earlier in the development process. AppSec teams can streamline policies and processes and get code into production faster, without compromising on security.

Across the board, Checkmarx and Mobb save the business money by identifying only material and exploitable vulnerabilities while providing the fastest way to a recommended fix. This dramatically reduces the amount of time developers need to spend on security responsibilities.

Checkmarx is committed to pushing the boundaries of the developer experience, and this solution builds on Checkmarx’s existing auto-remediation solutions for SCA and IaC vulnerabilities. Together, these help developers and AppSec teams deliver secure software fast.

Powerful partnerships drive secure software excellence

The Checkmarx partnership ecosystem is designed to bring Checkmarx customers the most advanced solutions to complement its industry-leading AppSec platform and help them secure the code base without compromising on productivity. 

Mobb is already making an impact in the market and won the Startup Spotlight competition at Black Hat USA in August 2023. Mobb’s deep understanding of the challenges of implementing DevSecOps makes it an ideal Checkmarx partner and we are looking forward to building further on our solutions together.

Getting started

Checkmarx customers can leverage Mobb’s auto-remediation solution by talking with their account team. 

For more information get in touch with your Checkmarx account rep or contact us today.
