Checkmarx One — Build Your Bundle

Your Security Program, Your Way

Pick the modules that match your attack surface. Get a custom quote in minutes.

1,800+ enterprises

Gartner Leader

No commitment

Scanning Engines

Agentic AI Layer

Risk Intelligence

Review Bundle

Get a Quote

Step 1 of 4

Hybrid Security Engines

Choose the scanning capabilities that match your attack surface. Checkmarx One is included as your unified platform foundation.

Category

Code Security

Scan source code across every language

✓

SAST Required

Static Analysis Security Testing

Market-leading static analysis security testing solution identifying vulnerabilities in source code across every language.

Highest accuracy and precision with leading F1-score

Complete language coverage

AI-powered remediation

✓

Secrets Detection

Credential Security

Prevent hardcoded credentials and API keys from reaching production.

Identify 170+ secret patterns

Live secret validation

Pre-commit exposure protection

✓

IaC Security

Infrastructure-as-Code

Scan Terraform, CloudFormation, Kubernetes, Helm for misconfigurations before they reach the cloud.

18+ IaC platforms

Policy-as-code enforcement

Compliance mapping

✓

API Security

API Attack Surface

Discover, inventory, test your entire API attack surface.

API discovery

Global API inventory

SAST+DAST integration

Category

Software Supply Chain Security

Protect open-source dependencies and third-party packages

✓

SCA

Software Composition Analysis

Comprehensive open-source security, license compliance, and SBOM generation.

SBOM generation

License risk management

Reachability Analysis

✓

Malicious Package Protection

Package Integrity

Detect malicious, typosquatted, and compromised packages before they enter your build pipeline.

Unparalleled malicious package database

Deep malicious package detection

Package reliability metrics

+ MPI API — Direct access to Checkmarx Zero’s malicious package intelligence via a stand-alone API (with or without Checkmarx One), suitable for proactive defense without requiring a full SCA scan.

✓

Container Scanning

Container & Image Security

Scan container images for vulnerabilities, misconfigurations, and embedded secrets.

Registry integration

Layer-by-layer analysis

Base image recommendations

Category

Security for AI / AI Supply Chain

Secure AI-generated code and the models, agents, and tools powering your AI systems

All New

✓

AI Supply Chain Security

Generate a complete inventory of AI models, datasets, and dependencies powering your applications.

Audit-ready AI-BOMs

Global AI Asset Inventory

Enterprise AI Governance

Category

Runtime Security

Extend protection into live environments with dynamic testing

New

✓

DAST

Dynamic Analysis

Dynamic application security testing purpose-built for AI-powered apps.

Seamless integration with the SDLC

Fast and simple onboarding

Authentication made simple

Checkmarx One platform is always included

Step 2 of 4

Agentic AI Layer

Supercharge your security program with AI agents that triage, fix, and integrate directly into developer workflows.

Agentic AI

Assist Family — AI Security Agents

Autonomous agents that operate across the full application delivery lifecycle

All New

✓

Developer Assist

AI-Native Security for Developers

An AI security agent embedded directly into the developer's workflow.

Works where developers build

Real-time vulnerability detection and guided fixes

Just-in-time security guidance

✓

Triage Assist

AI Triage Agent

An autonomous agent that ingests all findings and prioritizes what genuinely needs fixing.

87% noise reduction

Business impact scoring

Auto-false-positive filtering

✓

Remediation Assist

AI Fix Agent

Generates precise, code-level fix recommendations directly in pull requests.

PR-level fix suggestions

Multi-language support

Security explanation included

✓

Checkmarx MCP

Model Context Protocol

Connect Checkmarx security intelligence directly to AI coding agents and LLMs via MCP.

Claude, Cursor, Copilot ready

Real-time security context

Agentic pipeline support

All agents are optional add-ons

Step 3 of 4

Risk Intelligence & Governance

Add ASPM capabilities for portfolio-wide risk visibility, compliance enforcement, and cross-team orchestration.

ASPM

Application Security Posture Management

Correlate all engine signals into a unified, business-contextualised risk view

✓

Context-Enriched Risk Scoring

Risk Orchestration

Business-context scoring that cuts through noise — surface the vulnerabilities that represent genuine risk.

CVSS + business context

Exploitability weighting

Cross-engine correlation and BYOR results

✓

Continuous Posture Management

ASPM

Continuous AppSec posture tracking across your entire application portfolio.

Real-time state and severity updates

Portfolio-wide CISO-ready dashboards and filtering

In-context triage guidance

✓

Audit-Ready Reporting

Governance and Policy Enforcement

Full traceability and compliance mapping aligned to PCI DSS, HIPAA, SOC 2, and NIST.

PCI, HIPAA, SOC 2, NIST

KPIs, Trends, Benchmarks, and Cloud Insights

Automated audit reports

✓

Connect to Dev Ecosystem

Developer Experience

Integrate with cloud tools, ticketing systems, and any IDE.

Visual Studio Code, Windsurf, Cursor, and more

Multi-team workflows

CI/CD pipelines

All modules are included in Checkmarx One bundles

Step 4 of 4

Review Your Bundle

Here's what you've selected. Make any final adjustments before requesting your custom quote.

Almost There

Get Your Custom Quote

Tell us about your team and we'll have a Checkmarx expert reach out within 1 business day with a tailored proposal.

Your Bundle Summary

Pricing

Custom quote

Pricing is based on developers, apps, and usage. Your dedicated rep will build a precise proposal.

Your Bundle

1 module

Why Checkmarx One

✓

Modular, not monolithic

Pay only for what you use. Expand as you grow.

✓

Single unified platform

One dashboard, one data model, one API.

✓

Dedicated onboarding

Named CSM and implementation support included.