Skip to main content

Azure DevOps Plugin Overview

The Azure DevOps plugin runs with SAST and SCA.

  • The SAST platform is a powerful static source code analysis solution designed for identifying, tracking and fixing technical and logical security flaws. SAST integrates seamlessly into the Software Development Life Cycle (SDLC), enabling early detection and mitigation of crucial security flaws.

  • The SCA platform is a powerful software composition analysis solution designed for automatically scanning open source packages during the development process.


The Azure DevOps plugin is sometimes also referred to as ADO plugin.

The Checkmarx plugin for Azure DevOps integrates seamlessly into the Microsoft Software Development Life Cycle (SDLC), enabling the early detection and mitigation of crucial security flaws. The Checkmarx Azure DevOps plugin provides the following key benefits:

  • CxSCA Resolver – adds support for the SCA Resolver utility, which enables you to resolve and extract dependencies and fingerprints from your source code and send them to the SCA cloud platform for risk analysis. For additional information on the SCA Resolver utility, refer to the Checkmarx SCA Resolver section in the SCA documentation.

  • Scan source code – integrates smoothly within the SDLC to provide detailed near real-time feedback on code security state.

  • Dependency scans – is able to run an optional Software Composition Analysis (SCA) dependency scan (v2020.2.x and up).

  • Best fix location – highlights the best place to fix your code.

  • Quick and accurate scanning – reduces false positives, adapts the rule set to minimize false positives, and understands the root cause for results.

  • Incremental scanning – only tests the sections of the code that have been changed since last code check-in to reduce scanning time by more than 80%. Enables incorporation of the security gate within your continuous integration pipeline.

  • Seamlessly integration – works with all IDEs, build management servers, bug tracking tools and source repositories.