Experience the Power of Agentic AI With Checkmarx One Assist
See the Future
Experience the Power of Agentic AI With Checkmarx One Assist
See the Future
At Checkmarx, we do everything with our customers in mind. Security, data privacy, compliance, and reliability are important to you, which makes them imperative for us.
This page provides information on our approach to security, data privacy, compliance, and reliability for Checkmarx, including the Checkmarx One™ application security platform.
Checkmarx is an extension of your software development processes and architecture. We designed Checkmarx One to meet your security standards, including data, application, network, and product security.
Checkmarx logs all actions taken within our AWS environment and web applications using AWS CloudTrail. Logs are encrypted, stored in a secure and centralized location, and available for audit and compliance purposes.
Checkmarx performs daily backups of all customer data and retains backups for seven days. Data is stored in secure locations, encrypted at rest, and protected from unauthorized access. In addition, we perform regular disaster recovery drills to ensure all environments are recoverable.
Checkmarx follows data retention policies that comply with relevant data protection regulations and best practices. Client data is deleted within 7 days of receiving a formal deletion request. Retention settings can be customized to meet specific customer requirements and are applied by the Checkmarx support team.
We encrypt all customer data at rest using industry standard encryption protocols, such as AES-256, to protect against unauthorized access or theft.
Checkmarx One encrypts all communications with our service using HTTPS. In addition, data transmitted within our service to and from Amazon S3 is encrypted using TLS 1.2.
Checkmarx implements an IDS / IPS for the Checkmarx One environment using a combination of AWS Shield, WAF rules, and DevOps Guru services to identify and alert to anomalies or potential security threats.
Checkmarx proactively performs vendor risk management (VRM) assessments of our external security posture using Panorays, with an overall Cyber Posture Rating of 99%. Assessments include network and IT, application, and human maturity, and can be provided to customers.
All exposed AWS instances are protected with a web application firewall (WAF) to detect and block a wide range of web application attacks. WAF rules are customized to the Checkmarx One environment and regularly updated against the latest threats.
Checkmarx understands the importance of data privacy for our customers. Our programs, products, and services are structured to provide effective data privacy protections for Checkmarx, its customers, partners, and employees.
Security is at the heart of everything we do at Checkmarx. Our customers rely on us to protect their most valuable assets. We meet and exceed the world’s most trusted standards for data protection, privacy, and secure software development.
ISO/IEC 27001:2022
We’re certified to the latest and most recognized global standard for information security. This reflects our structured, enterprise-grade approach to managing and protecting your data.
SOC 2 Type II
Checkmarx undergoes an independent SOC 2 Type II audit annually. Our report is available upon request. We also leverage the robust security posture of AWS, which holds its own SOC 2 Type II compliance.
GDPR
Our privacy program aligns with the stringent requirements of GDPR. Our practices are designed to support transparency, user rights, and responsible data handling – no matter where you operate.
Secure Software Development Framework (SSDF)
Security isn’t just a feature – it’s built in. We align with the NIST Secure Software Development Framework (SSDF) to integrate security at every stage of our software lifecycle.
Checkmarx ensures all its products and services are designed and delivered to meet the requirements of the Confidentiality, Integrity, and Availability (CIA) triad. This provides the assurances you need to secure your application development, without slowing you down.
Status page
Monitor the operational status and recent history for Checkmarx One services running in each of its five global regions (United States, Europe, India, Singapore, and Australia & New Zealand) on the status page.
Checkmarx has developed a Responsible AI Framework to guide the ethical and effective use of AI across our application security solutions. Built on key principles of transparency, privacy, security, and developer empowerment, this framework ensures that our AI supports secure coding practices without introducing bias or undermining trust. We apply strict governance measures, including ongoing audits of AI outputs, to keep our technology aligned with industry standards and regulatory requirements. Our AI-powered tools are designed to support, not replace, human decision-making, offering clear, actionable insights that developers and security teams can rely on. By prioritizing privacy-first design and human-in-the-loop processes, Checkmarx ensures that AI strengthens the integrity and security of the software development lifecycle.
Checkmarx provides customers with additional details on security, privacy, compliance, and availability programs, including certifications, compliance reports, standard security questionnaires, and security architecture. For these and others, please contact your account team.