End User License Agreement for Short-term Scanning Service Providers

PLEASE READ THE TERMS AND CONDITIONS OF THIS END USER LICENSE AGREEMENT (“EULA”) CAREFULLY BEFORE INSTALLING OR USING THE CHECKMARX SOFTWARE (“SOFTWARE”) AND ACCOMPANYING DOCUMENTATION (“DOCUMENTATION”). THIS EULA REPRESENTS A BINDING LEGAL AGREEMENT BETWEEN YOU AND THE CHECKMARX ENTITY IDENTIFIED BELOW (“CHECKMARX“). THIS LICENSE IS VALID ONLY FOR THE LICENSE TERM SET FORTH IN YOUR QUOTE, UNLESS TERMINATED EARLIER IN ACCORDANCE WITH THE TERMS OF THIS EULA. THE SOFTWARE IS ACTIVATED BY A LICENSE KEY WHICH EXPIRES AT THE END OF THE LICENSE TERM. AS A RESULT, THE SOFTWARE WILL BE INOPERATIVE UPON THE EXPIRATION OF THE LICENSE TERM. YOU ARE ONLY AUTHORIZED TO USE THE SOFTWARE UNDER THIS EULA IF YOU HAVE ACQUIRED THE SOFTWARE FROM CHECKMARX OR AN AUTHORIZED RESELLER. IF YOU ARE INSTALLING, DOWNLOADING, ACCESSING, OR OTHERWISE USING THE SOFTWARE ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU HEREBY ACCEPT THIS EULA ON BEHALF OF SUCH ENTITY, YOU ACKNOWLEDGE THAT SUCH ENTITY IS LEGALLY BOUND BY THIS EULA, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER AND AUTHORITY TO ACT ON BEHALF OF AND BIND SUCH ENTITY. YOU MAY NOT ACCEPT THIS EULA ON BEHALF OF AN ENTITY UNLESS YOU ARE AN EMPLOYEE OR OTHER AUTHORIZED AGENT OF SUCH ENTITY WITH THE RIGHT, POWER AND AUTHORITY TO BIND AND ACT ON BEHALF OF SUCH ENTITY. THIS EULA ONLY APPLIES TO SERVICE PROVIDERS WHO HAVE PURCHASED SHORT-TERM (NOT TO EXCEED 30 DAYS) SERVICE PROVIDER LICENSES FROM CHECKMARX OR AN AUTHORIZED RESELLER. IF YOU ARE USING SOFTWARE LICENSES FOR SERVICE PROVIDER USE IN CONNECTION WITH CUSTOMER ENGAGEMENTS EXCEEDING 30 DAYS, THIS EULA DOES NOT APPLY TO YOU AND YOU SHOULD CONTACT CHECKMARX OR AN AUTHORIZED RESELLER FOR THE APPROPRIATE LICENSE COVERING SUCH USE.  THIS EULA DOES NOT AUTHORIZE USE OF THE SOFTWARE FOR ANY OTHER PURPOSE NOT EXPRESSLY AUTHORIZED HEREIN. IF YOU DO NOT AGREE TO THIS EULA, YOU ARE NOT AUTHORIZED TO INSTALL AND/OR USE THE SOFTWARE OR DOCUMENTATION.

1. License Grant. If you have purchased a short-term “Service Provider” license to use the Software and Documentation from Checkmarx or an authorized reseller, then subject to the terms and conditions of this EULA and your timely payment of the applicable license fees, Checkmarx hereby grants to you during the License Term (defined below) a limited, personal, non-exclusive, non-transferable, non-sublicensable right to: (a) to install the Software on equipment owned or leased by you; (b) to use the Software in object code form for the purpose of scanning the source code of your paying customers, and (c) to share the output of the Software with those customers on a confidential basis. All use of the Software is subject to the License Types and license quantities set out in an authorized quotation document provided by Checkmarx or an authorized reseller (the “Quote”). You may make one (1) copy of the Software for archival and backup purpose and a reasonable number of copies of the Documentation to enable your use of the Software. All copies of the Software and Documentation are subject to this EULA. This license does not grant any rights whatsoever to the source code of the Software.
2. License Conditions. Your right to use the Software is conditioned upon your timely payment of the full amount of the license fees and other charges due set out in the Quote as well as your full compliance with the terms of this EULA. In addition, your use of the Software is restricted by the number and type of licenses (the “License Type(s)”) purchased by you:
   • Named User License: under the terms of a Named User License, the Software is tied to a specific named user so that the Product may only be used by that individual named user. A user who uses one of the Software user interfaces (Web, IDE plugin, etc.) must be provisioned as a Named User. Any individual who consumes scan data extracted from the system outside of the Software user interfaces (i.e. reports generated by the Software, exported scan data) to review, track, or fix vulnerabilities must be provisioned as a Named User.
   • Node-Locked License: under the terms of a Node-Locked License, the Software is licensed for use on a single, specified device. You may not transfer the Software to a different device unless you have received written approval from Checkmarx.
   • SP Project: under the terms of a Project Based license, the Software may be used to scan a single named Project during the stated license term, where the term “Project” is defined as a single codebase which is maintained over time, and used to build a particular named software module or application. You may not use the Software in excess of the number and type of Project licenses purchased by you.
3. Prohibited Uses. Other than the rights explicitly granted in this EULA, you shall have no other rights, express or implied, in the Software or the Documentation, and all such rights are reserved by Checkmarx. This EULA does not permit you to share Software licenses with your customers or to permit customers or any third parties to access or use the Software. Without limiting the generality of the foregoing, you agree and undertake not to, directly or indirectly, or permit others to: (a) use the Software in excess of the License Type restrictions or license quantities purchased; (b) attempt to circumvent any license restrictions or License Type limitations; (c) reverse engineer, decompile, disassemble, modify or create derivative works of the Software or Documentation; (d) attempt to derive the source code of the Software; (e) reproduce, publish, distribute, transfer, publicly display, resell, rent, lease, sublicense, loan, or lend the Software or Documentation to any third party; (f) make the Software available in a service bureau or any similar commercial time-sharing arrangement; (g) transfer, assign or permit the sharing of license keys or product codes to a third party; (h) make publicly available any output of the Software, including but not limited to benchmarking results; (i) distribute, resell, sublicense or otherwise provide third party access to the Software or Documentation; (j) otherwise provide access to the Software or the output generated by the Software other than as expressly permitted under the terms of this EULA; or (l) use the Software in any manner that is against the law of any jurisdiction.
4. Term and Termination. This EULA shall automatically terminate upon the expiration of the license term set forth in the Quote (the “License Term”). Evaluation licenses will automatically terminate upon expiration of the evaluation period specified in Section 2 of this EULA. Either party may terminate this EULA: (a) upon written notice in the event of a material breach of this EULA by the other Party which has not been cured (if capable of cure) after the expiration of thirty (30) days from the breaching party’s receipt of written notice of the breach; (b) if the other party becomes the subject of any voluntary or involuntary petition pursuant to applicable bankruptcy or insolvency laws, or request for receivership, liquidation, or composition for the benefit of creditors and such petition, request or proceeding is not dismissed within sixty (60) days of filing; or (c) immediately upon written notice in the event that either party reasonably believes that this EULA or a party’s performance thereunder will result in any violation of applicable law, and such violation cannot be promptly corrected to the party’s reasonable satisfaction or is incurable as a matter of law, for example in the event that a party becomes a Restricted Party (defined below). Promptly upon termination, all rights and licenses granted under this EULA will cease and you will immediately cease all use of the Software and Documentation, destroy all copies of the Software and Documentation in your possession or control, and, upon request of Checkmarx, certify such destruction. Checkmarx’s termination of this EULA will not limit any of Checkmarx’s other rights or remedies at law or in equity.
5. Title & Ownership. The Software and Documentation is licensed, not sold. The Software and Documentation is protected by copyright and other intellectual property laws and treaties. All right, title and interest in and to the Software and Documentation, any derivatives thereof and modifications thereto, including associated intellectual property rights, evidenced by or embodied in and/or attached/connected/related to the Software and Documentation, are owned by and will remain with Checkmarx and/or its licensors. This EULA does not convey to you any right, title or interest in or to the Software or Documentation, except for the limited right of use in accordance with the terms herein. Nothing in this EULA constitutes a waiver of Checkmarx’s and/or its licensors’ intellectual property rights. You may not remove, modify or obscure any Checkmarx logos or proprietary notices from any Software, Documentation, or reports generated by the Software, or any copies thereof.
6. Feedback. In the event you provide Checkmarx with feedback regarding its products or services (“Feedback”), you hereby grant Checkmarx a perpetual, irrevocable, worldwide, sub-licensable, royalty-free license to use, modify, create derivative works, distribute and otherwise exploit the Feedback without further compensation to you.
7. Payment. All purchases are final and non-refundable, and any early termination of this EULA shall not affect your payment obligations to Checkmarx or its authorized reseller. For Software orders placed directly with Checkmarx, Checkmarx shall deliver to you an invoice stating the fees and, where applicable, sales, use, value-added or other similar taxes. You are responsible for the payment of all taxes and duties, however designated, which are paid or payable, based on the fees or on your use or possession of the Software under this EULA. If you are required to withhold or deduct any amount from the fees on account of taxes, you will pay Checkmarx the additional amount necessary to ensure that the net amount received by Checkmarx after withholding or deduction of such taxes is equal to the gross amount of the fees in the absence of any such withholding or deduction. Except as otherwise provided in this EULA, all amounts are non-refundable and are payable in U.S. Dollars unless a different currency is specified in the Quote.
8. Limited Warranty. If you have purchased a license to use the Software and Documentation from Checkmarx or an authorized reseller, Checkmarx warrants that for a period of ten (10) days after initial delivery of the Software to you, the Software, when properly installed and used in accordance with the Documentation, is capable of operating in substantial conformity with the Documentation. Within a commercially reasonable time after Checkmarx’s receipt of written notice from you specifying any breach of these limited warranties, Checkmarx shall, in Checkmarx’s sole discretion and as your sole and exclusive remedy and as Checkmarx’s sole and exclusive liability for breach of warranty: (a) deliver to you a workaround or correction of the non-conformity; or (b) terminate this EULA and assist with coordinating a prorated refund of license fees paid. The limited warranty set forth above shall not apply to the extent the Software: (a) is not used in accordance with the Documentation; (b) has been modified without Checkmarx’s express authorization; (c) fails to function due to a malfunction of your equipment or IT infrastructure; or (d) fails to function due to third party software and/or hardware that is not provided or approved by Checkmarx. THIS SECTION STATES YOUR SOLE AND EXCLUSIVE REMEDY AND THE ENTIRE LIABILITY OF CHECKMARX FOR BREACH OF WARRANTY. THE LIMITED WARRANTIES SET FORTH IN THIS SECTION GIVE YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE ADDITIONAL LEGAL RIGHTS UNDER LAW WHICH VARY FROM JURISDICTION TO JURISDICTION. CHECKMARX DOES NOT SEEK TO LIMIT YOUR WARRANTY RIGHTS TO ANY EXTENT NOT PERMITTED BY LAW.
9. Disclaimer of Warranties. EXCEPT FOR THE EXPRESS LIMITED WARRANTIES SET OUT ABOVE, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE AND DOCUMENTATION ARE PROVIDED ON AN “AS IS” BASIS. TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE ARE EXPRESSLY DISCLAIMED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. CHECKMARX DOES NOT WARRANT THAT THE SOFTWARE WILL MEET YOUR REQUIREMENTS OR THE REQUIREMENTS OF YOUR CUSTOMER, OR THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED AND/OR ERROR‑FREE. CHECKMARX DOES NOT REPRESENT OR WARRANT THAT THE USE OF THE SOFTWARE WILL BE FREE FROM ERRORS OR SAFE FROM INTRUSIONS OR ANY OTHER SECURITY EXPOSURES, OR THAT THE SOFTWARE WILL DETECT ALL ERRORS OR VULNERABILITIES IN A CUSTOMER’S SOURCE CODE. NOTHING IN THE FOREGOING RESTRICTS THE EFFECT OF WARRANTIES OR CONDITIONS WHICH MAY NOT BE EXCLUDED, RESTRICTED OR MODIFIED AS A MATTER OF LAW.
10. Restriction on Software Warranties. You are prohibited from making any representation, warranty, promise or guarantee that the use of the Software will render any third party’s code free from errors or safe from intrusions or any other security exposures, or that the Software will detect all errors or vulnerabilities in the third party’s source code. Checkmarx shall not be liable for any representation or warranty made by you or on your behalf to a third party.
11. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL CHECKMARX OR ITS AFFILIATES BE LIABLE FOR LOST PROFITS, LOSS OF USE, LOSS OR DAMAGE TO DATA, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR ANY OTHER SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, AND ON ANY THEORY OF LIABILITY, WHETHER FOR BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY), OR OTHERWISE, WHETHER OR NOT CHECKMARX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CHECKMARX OR ITS AFFILIATES’ LIABILITY UNDER, ARISING OUT OF OR RELATING TO THIS EULA SHALL BE LIMITED TO DIRECT DAMAGES, AND IN NO EVENT SHALL CHECKMARX’S TOTAL AGGREGATE LIABILITY UNDER, ARISING OUT OF OR RELATING TO THIS EULA, EXCEED THE AMOUNT OF LICENSE FEES PAID BY YOU TO CHECKMARX OR ITS AUTHORIZED RESELLER DURING THE PREVIOUS TWELVE (12) MONTHS PRECEDING ANY CLAIM HEREUNDER.
12. Audit and Enforcement Rights. Checkmarx shall be entitled, up to one time per each twelve (12) month period during the license term, to perform a Software license audit to verify your compliance with this EULA and the number and type of licenses purchased by you. You shall be responsible to pay to Checkmarx or its authorized reseller all fees for any unauthorized use of the Software or Documentation detected during the audit. In the event an audit reveals a material underpayment of fees, you will reimburse Checkmarx for the reasonable cost of the audit, and Checkmarx shall be permitted to conduct follow-up audits as deemed reasonably necessary.
13. Export Law. You acknowledge that the export, re-export, or in-country transfer of the Software and Documentation may be subject to laws and regulations promulgated by various governments, which restrict the export, re-export or in-country transfer of certain computer hardware, software media, technical data, and direct products of technical data. You agree to comply with all applicable export laws and regulations as in effect from time to time (including, without limitation, all record-keeping requirements imposed thereunder), and will not export, re-export, transfer or provide access to the Software or Documentation in violation of such laws and regulations.
14. Anti-Bribery and Anti-Corruption. You shall not take any action or omit to take any action in violation of, the U.S. Foreign Corrupt Practices Act of 1977 and all regulations promulgated thereunder (“USFCPA”), the UK Bribery Act, or any other applicable anti-bribery laws or regulations of any jurisdiction, and you shall cause your shareholders, subsidiaries, officers, directors, employees and agents to do the same. Without derogating from the generality of the above, you represent, warrant and agree that, in connection with the performance of your duties hereunder, you shall not make any payments, in money or any other item of value, or make any offers or promises to pay any money or any other item of value to: (i) any government official, (ii) any foreign political party, (iii) any candidate for foreign political officer or (iv) any other person or entity, with the knowledge that such payment, offer or promise to pay will be made to any government official or third party for the purpose of influencing such government official or third party to make one or more business decisions favorable to you, Checkmarx, or both. You further represent that no government official is a principal, owner, officer, employee or agent of any entity in which you have an interest, and no government official has any material financial interest in your business.
15. Restricted Parties. You represent and warrant that neither you, nor any of your directors, executive officers, senior management, key employees, agents, major shareholders, nor any person having a controlling interest, nor any person who you allow to use the Software is a “Restricted Party,” which shall include any person or entity: (a) who is a national of, or located or incorporated in, or an official of, owned or controlled by, or acting on behalf of the government of, a country prohibited by Checkmarx policy (based on risks including corruption, fairness and transparency of local legal process, contractual commitments imposed by financial institutions with which Checkmarx does business, and/or U.S. or Israeli embargo or trade restrictions) (a “Prohibited Territory”) (at the time of execution, Cuba, Iran, Lebanon, Libya, North Korea, Syria, and the Crimea Region), or any other region that hereinafter becomes subject to a comprehensive U.S. or Israeli trade embargo; or (b) who is on any of the following lists: the U.S. Department of Commerce Denied Person’s List, Entity List, or Unverified List; on the U.S. Department of the Treasury, Office of Foreign Assets Control’s (OFAC) list of Specially Designated Nationals and Blocked Persons; the OFAC Consolidated Non-SDN Sanctions List (including the Sectoral Sanctions Identifications List and the Foreign Sanctions Evaders List); the United States State Department’s Debarred Parties and Non-Proliferation Sanctions Lists; the United Nations Financial Sanctions Lists; the European Financial Sanctions List, or the Swiss Sanctions List maintained by the Swiss State Secretariat for Economic Affairs; or (c) persons directly or indirectly owned or controlled by, or acting on behalf of, persons identified in sub-clause (b). You shall not distribute, transfer, sublicense or permit access to any Checkmarx Software, Documentation, or services to any Restricted Party without prior, express written authorization from Checkmarx and, as appropriate, any relevant government agency. You agree that any breach of this section shall constitute a material breach of this EULA not capable of cure.
16. Data Protection. You hereby authorize Checkmarx and its affiliates to store and use any personal data relating to you or your customers that you provide to Checkmarx in connection with this Agreement or the business relationship arising therefrom. Each Party shall, at all times, comply with its respective obligations under all applicable data protection laws and legislation in relation to all personal data that is processed by it in the course of performing its obligations under this Agreement.
17. United States Government Rights in Commercial Off-the-Shelf Software. The Software and Documentation constitute “commercial computer software,” and “commercial computer software documentation” and “technical data” as defined in FAR Section 12.212. Consistent with the applicable provisions of the applicable federal acquisition regulations, including but not limited to 48 C.F.R. §12.212 or 48 C.F.R. §227.7202-1 through 227.7202-4, as applicable, the Software and Documentation are being licensed to U.S. Government end users only as commercial items and pursuant solely to the terms and conditions herein.
18. General. If a court of competent jurisdiction finds any provision of this EULA to be unenforceable, that provision shall be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remainder of the EULA shall continue in full force and effect. The UN Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transaction Act shall not apply to (and are excluded from the laws governing) this EULA. You may not assign this EULA without Checkmarx’s prior written approval. Checkmarx shall be entitled to assign, novate or transfer any rights, duties or obligations under this EULA at its discretion. No waiver of any breach shall constitute a waiver of any prior, concurrent or subsequent breach of the same or any other provision, and no waiver shall be effective unless made in writing and signed by an authorized representative of the waiving party. Sections 5-7, 10-27 shall survive the termination of this EULA.
19. Jurisdiction and Choice of Law. If you are located in the United Kingdom, this EULA shall be governed by and interpreted in accordance with the laws of England and Wales, excluding its choice of law rules. In such case, the competent courts located in London, England shall have exclusive jurisdiction with respect to any matters rising out of this EULA. If you are located in Israel, this EULA shall be governed by and interpreted in accordance with the laws of Israel, and the competent courts located in Tel Aviv, Israel shall have exclusive jurisdiction with respect to any matters arising out of this EULA. If you are located outside of the United Kingdom or Israel, this EULA shall be governed by New York law, and shall be deemed to have been executed and performed in the State of New York. In such case, disputes arising out of or relating to this EULA shall be governed by and interpreted in accordance with the laws of the State of New York, USA, excluding its choice of law rules and the courts in the Borough of Manhattan, New York shall have exclusive jurisdiction with respect to any matters rising out of this EULA.
20. Entire Agreement. Unless you have a valid and current written agreement signed by you and an authorized representative of Checkmarx authorizing your use of the Software in a service provider capacity, you agree that: (a) this EULA supersedes all prior written or oral agreements, warranties or representations with respect to your use of the Software and Documentation; and (b) you agree to be bound by the terms of this EULA, which is the complete and exclusive agreement between you and Checkmarx regarding the Software and Documentation. The provisions of this EULA shall prevail over any additional or conflicting provisions in any purchase order, acceptance notice or other document issued by you, which shall be void and of no effect.
21. Partial Invalidation. In the event that any provision of this EULA shall be held by law, or found by a court or other tribunal of competent jurisdiction to be unenforceable, the unenforceable provision shall be severed and the remaining provisions of this EULA shall remain in full force and effect. In such an event, the parties agree to negotiate in good faith a substitute provision that most nearly reflects the intent of the severed provision.
22. Relationship of Parties. The parties hereto are independent contractors. Nothing contained herein or done in pursuance of this EULA shall create a principal-agent, partner, or other relationship between the parties for any purpose or in any sense whatsoever, or create any form of joint enterprise whatsoever between the parties.
23. No Third Party Beneficiaries. This EULA is entered into solely for the benefit of you and Checkmarx. No third party shall be deemed to be a beneficiary of this EULA, and no third party shall have the right to make any claim or assert any right under this EULA.
24. Contracting Entity. If you are located in the United States of America, “Checkmarx” is defined as Checkmarx, Inc. If you are located in the United Kingdom, “Checkmarx” is defined as Checkmarx UK Ltd. If you are located in India, “Checkmarx” is defined as Checkmarx India Technology Services Private Limited. If you are located outside of the United States of America, the United Kingdom or India, “Checkmarx” is defined as Checkmarx Ltd. unless a different Checkmarx entity is designated in the Quote.
25. Notices. All notices or demands hereunder shall be by traceable express courier service or certified or registered mail, return receipt requested, sent to the address of the receiving party, and shall be deemed complete ten (10) days after mailing. Notices to Checkmarx shall be sent to the attention of: General Counsel, with a copy to [email protected].
26. Contacting Checkmarx. If you have any questions about this EULA, you should contact Checkmarx via the designated point of contact for your territory: https://www.checkmarx.com/contact-us.

Last updated: 22 May 2019