Skip to main content

Getting Started with Codebashing

Getting Started with Codebashing is the process of increasing the likelihood that new users become successful when adopting Codebashing. Use the search tool to find a specific subject.

The goal of this section is to provide new Codebashing customers with the necessary information and planning guidance to facilitate a successful roll-out of your AppSec Training Solution. The following is a step by step checklist with reference links to review.

New Customer Welcome Letter

As a new customer you receive a welcome letter once Checkmarx has processed your order. The letter provides you with handy information, such as links to this more detailed customer guide.

Codebashing Tenant Provisioning

In order for us to provision and configure your Codebashing Tenant, we need some information and actions from you.

For instance, when it comes to SSO/SAML integration, we will contact you as we require your SAML metadata to integrate. We also recommend that you limit the audience that can access Codebashing by applying group-level access control at your (customer-end) SSO endpoint. Your Identity & Access Management or Single-sign-on team may assist you with this.

If, for example, your environment is subject to aggressive outbound web, or inbound email, filtering, we suggest that you whitelist Codebashing domains and IPs at the relevant web and/or email gateway.

For additional information on these topics, review the following resources:

  • Set up and configure the SSO/SAML integration. Checkmarx will contact you to configure this setup. For additional information and instructions on SAML integration, refer to Setting Up Access via SSO using SAML.

  • Work with your Identity & Access Management (SSO team) to develop possibilities to limit access to Codebashing to the developer audience that requires it. For further information, refer to Setting Up Access via SSO using SAML.

  • Whitelist * in your environment, if necessary.

  • Use the Checkmarx CxSAST solution with Codebashing. For further information and instructions, refer to Enabling Codebashing.

Pre-Planning of your Codebashing Solution

Getting the most out of your Codebashing purchase is important to you and to us at Checkmarx. We want to make sure that you get the maximum value with your purchase, which is why we have created this section. It may be tempting to start right away, but we strongly recommend that you follow the steps outlined below before launching/deploying your Codebashing training to your developer groups.

Step 1 - Define Success Criteria for Your AppSec Training Program

This is somewhat unique to your organization. As a starting point you should think about what your wider AppSec Programs goals are, and how AppSec training is going to help achieve them. Success criteria should be as objective and quantitative as possible, the SMART framework is a good way of helping to frame your criteria. The SMART framework requires that success criteria should be: specific, measurable, achievable, relevant, and time-bound.

Step 2 - Understand the Top 5 Best Practices

Here are the Top 5 best practices of things that our most successful customers do to ensure that they maximize the value from their Codebashing purchase. If you are considering to skip following through with them or even some of them, we ask you to reconsider because each one of them is fundamental to ensure a healthy level of adopting and implementing the solution.

  1. Make training mandatory

    • Experience demonstrates that making this mandatory helps you reach critical mass with your user base. Tie in a recognition program and you will achieve the highest level of satisfaction.

  2. SSO Integrate with Codebashing

    • This is the initial step when your Codebashing tenant is set up. It provides a smooth onboarding process and is easy to administer. It is important to work with your Identity & Access Management Team. There are detailed instructions in the “Codebashing Setup” to walk you through step by step.

  3. Customize the SSO integration to capture relevant fields from the Active Directory.

    • This best practices step helps you to expose additional fields from your Active Directory (AD) to provide richer data to filter moving forward (examples: Department, Manager, BU). This is a critical step to have set up if you plan to integrate with your LMS (example: Unique ID). More details in the LMS link below.

  4. Integrate your training data with your Learning Management System

  5. Build a recognition and reward program to promote and drive desired behaviors.

    1. It is a fun way to show the importance of AppSec.

    2. Announce people that reach top X of leader board.

    3. Get users who complete the training to add “AppSec Champion” to their email signature

    4. Set manager objectives to have their teams complete training etc

    5. Think about what would work within your organizational culture, and if they can tie into existing recognition/reward programs/systems they have… its more likely to be well received and help them send the right message.


Small tokens of recognition may help send the right message that AppSec EDU and awareness are important. Such tokens could include T-shirts, trophies or anything unique that connects with your organizations culture.

Step 3 - Get Familiar with the Admin Console

Review the content under Managing Codebashing as Administrator to help you get familiar with Codebashing on the admin level.

Rollout Phase

  • Kick off ideas, communicate to your user community.

    • Formal kick-off meeting with all stakeholders by means of a conference call or face to face meeting.

    • Sample email template. Adjust it based on your organization and culture.

      • Define and communicate goals

      • Define the timeline and expectations

      • Any other organizational message that needs to be communicated

    • Lunch and learn.

  • Formal email to communicate the actual rollout, for sample email templates, refer to Sample Email Templates for Rolling out Codebashing.

Ongoing Adoption

  • Perform periodical health checks to review the progress and revisit success criteria defined for the questionnaire.

  • Issue internal quarterly newsletter or email on progress success.

Codebashing Discovery Questionnaire

Program Overview and Goals

  1. How would you define your goals and expectations for using Codebashing within your organization?

  2. Who will be administrating the Codebashing solution?

  3. Will you integrate Codebashing utilizing SSO? If so, what information/fields would you need to pull from your user directory.

  4. How many users will you be on-boarding initially? Do you know exactly which users are going to be on-boarded to Codebashing? Are they all part of a group or multiple groups within AD for instance?

  5. Will you be integrating Codebashing with your existing learning management system?

  6. Describe in as much detail as possible your existing AppSec Education program.

  7. Will any courses be mandatory for all or only a subset of users? If not mandatory, how do you plan to execute on user engagement and adoption?

  8. How do you plan to measure the success of Codebashing?

  9. How, and to whom, and with what frequency will those success measures be reported?