Cebu Pacific Cut Vulnerability Density in Half with
Checkmarx One

Cebu Pacific needed a mature, scalable AppSec solution that seamlessly integrated into developer workflows and CI/CD pipelines, offered advanced reporting to prioritize remediation, and supported alignment with key compliance standards.

Checkmarx One provided Cebu Pacific with a seamless transition from their on-premises CxSAST, to a holistic cloud-based platform with powerful SAST capabilities and advanced analytics.  

The platform integrated smoothly into CI/CD pipelines and existing developer workflows, enabling early detection of vulnerabilities and more efficient remediation. Its user-friendly interface and improved licensing model helped drive developer adoption and scale security coverage across teams.

Additionally, Checkmarx One helped Cebu with alignment to compliance standards:  

“Checkmarx helps us meet compliance and security standards in several ways. Since our main booking app involves payment processing, code scanning has been one of our key evidences to comply with PCI DSS requirements. By using Checkmarx One, we can regularly scan our code to identify and address vulnerabilities, ensuring that our application meets the stringent security requirements of PCI DSS.”

Bernadette Uycoque
Cybersecurity Operations Manager

Improved security posture, faster remediation, and full-scale adoption

Cebu Pacific significantly reduced its backlog of high-severity vulnerabilities and saw a drop in overall vulnerability density by nearly 50%. By onboarding over 100 contributing developers and linking applications to CI/CD workflows, the airline accelerated remediation efforts and strengthened its secure development lifecycle. Checkmarx One also helped the team align with internal governance and external compliance standards with continuous, automated scanning and clear reporting.