Blog

Checkmarx + Wiz: Advancing AppSec with Code to Cloud Integration

4 min.

July 2, 2024

Today, securing applications and cloud environments is necessary for enterprises worldwide. Checkmarx has partnered with Wiz to address this critical need. This strategic partnership brings together Checkmarx’s expertise in application security with Wiz’s CNAPP solution. This allows mutual customers to enjoy a truly comprehensive approach security from the first line of code to deployment and runtime in the cloud.

Embracing code to cloud is now much easier

There are three pillars leading this approach:

  • Streamlined security posture management – Integrate security into every stage of the development lifecycle, offering unified view, automated risk analysis, and remediation guidance.
  • Enhanced efficiency for teams – Achieve clear communication through integrated workflows, streamlined processes, and meeting development teams right where they work with the information they need.
  • Actionable insights & prioritized remediation– Identify Kubernetes clusters, container images, code repositories and map them to Checkmarx One applications and projects with runtime data, for better risk management and to prioritize critical vulnerabilities effectively.

Understanding the Integration

The integration between Checkmarx and Wiz helps deliver actionable insights and prioritizes vulnerability remediation to our mutual customers. Checkmarx One correlates Wiz’s cloud asset inventory and network exposure with vulnerabilities and application security results, such as code repositories. This gives organizations the context needed to prioritize vulnerability remediation based on what is exploitable in the running application. This approach reduces the noise generated by non-critical vulnerability alerts by up to 90% and enables customers to focus their resources on addressing high-impact security issues.

This integration brings to life the “Shift Left, Shield Right” strategy, extending our Checkmarx One offering by adding runtime information to secure every stage of the Software Development Life Cycle (SDLC). This helps encourage collaboration between different teams and stakeholders throughout the entire process. Developers then gain access to actionable security insights directly within their IDE, which allows them to address vulnerabilities early in the development process. Then security teams can leverage runtime context and cloud asset inventory in order to provide developers with the most relevant security information and guidance. Ultimately, it accelerates the delivery of secure applications in a cloud-native environment.

As part of this partnership, we have also integrated our SAST scan results with the Wiz platform to correlate them with cloud security insights. This supports our combined vision of code to cloud and back – enabling greater security posture across an organization’s SDLC. With this new capability, our mutual customers can prioritize and address the most significant risks on the most business-critical assets. This partnership aims to streamline vulnerability detection and mitigation, transforming how enterprises secure their applications and cloud environments.

How Checkmarx enriches AppSec findings with Wiz runtime insights

Let’s see this in action.

In the Risk Management tab, we correlate all the Checkmarx scanner information and runtime data. We tie them back to their project, and their associated user. Adding the runtime context, and internet-facing information from the Wiz integration enables us to add another piece of the puzzle and modify the risk level to reflect what we know and prioritize them more effectively.

Runtime context allows us to understand whether vulnerabilities are exposed to the internet, which increases the risk of exploitation. Vulnerabilities that are exposed to the internet are prioritized due to their increased risk level

Let’s now look at the project level, where Checkmarx One connects all the dots. We can see all the building blocks of the project, code repos, and packages used within the project, including when they were scanned, how many vulnerabilities they have, the risk level and the runtime context.  This allows us to better prioritize the risk and escalate it as needed.

How Wiz enriches CNAPP with Checkmarx SAST findings

The integration of Checkmarx SAST scan results with the Wiz platform enhances application security directly on Wiz’s platform. Combining application security findings with Wiz’s own cloud security scan data, helps organizations identify, prioritize, and address the most significant risks to critical assets, at the development stage. This correlation provides a unified and actionable security visibility, improving the detection and mitigation of vulnerabilities across the entire software lifecycle.

Organizations then can navigate the complexities of modern cloud environments securely, with streamlined security posture management, actionable insights, and enhanced collaboration, can effectively mitigate risks and accelerate their cloud journey with confidence.

If you wish to start gathering runtime insights and see the magic happen Request a Demo, to get started.