Pismo
CUSTOMER STORY
PISMO SECURES ITS SOFTWARE DEVELOPMENT PIPELINE WITH CHECKMARX
“We take security seriously, and our customers rely on us for that. We needed tools that were dynamic enough for our evolving processes—tools that were proven, stable, and scalable. We were thrilled to find Checkmarx, which helped us improve the SLA for identifying and remediating risk, reduce risk and the number of vulnerabilities, and eliminate high- and medium-risk issues.”
– Ubirajara Aguiar Jr., Tech Lead, Red Team/DevSecOps, Pismo
THE NEED
Shift AppSec Further Left and Leverage Developer-Friendly Tools and Processes
To ensure the utmost security for its digital banking and payment solutions, the company brought on Ubirajara Aguiar Jr. two years ago to build and lead the Red Team / DevSecOps at Pismo. He quickly realized that the tools and processes in place and the culture of development security needed some improvement.
THE SOLUTION
Why Pismo Chose Checkmarx
Most importantly, Checkmarx tools allow Pismo’s development team to set policies to eliminate high- and medium-risk code vulnerabilities within their main repositories.
After consulting with Gartner to identify potential AppSec vendors, Aguiar reviewed eight vendors, then narrowed it down to three, for a PoC simulating a real development pipeline. Pismo ultimately selected Checkmarx Static Application Security Testing (SAST) and Software Composition Analysis (SCA).
Checkmarx was the vendor of choice because it supports multiple development languages, offers bi-directional integration with bug tracking tools, creates and closes tickets automatically, and identifies recurring false positives.
In addition, Checkmarx tools can be easily integrated into developer routines to encourage adoption while minimizing friction or resistance—which is very important to Pismo. “We always kept our developers in mind when thinking about the new tools. We wanted the transition to be smooth and transparent and didn’t want them worrying about dealing with tickets or keeping track of cards. We specifically looked for tools that would make our developers’ work easier and more productive.”
– Ubirajara Aguiar Jr., Tech Lead, Red Team/DevSecOps, Pismo
THE BOTTOM LINE
Established a Robust DevSecOps Program and Reduced Vulnerabilities
Time to remediation and streamlined reporting have been the major advantages. “We could settle our SLA to just 14 days for remediating any SAST vulnerability.” And it’s easy to show the CISO and business executives critical metrics and KPIs. “We created a chart plotting risks and vulnerabilities and, at first, there were a high number of issues with high risk. Now, every single one of them is at the zero mark,” Aguiar concluded. “In a short period of time, our founders and directors knew that the money we invested in Checkmarx was well spent.”
Pismo worked with Checkmarx partner, NOVA8, to help deploy and provide professional services for the new tools. “Nova8 is a valued partner,” said Aguiar. “Whenever we need them, they are there to help us. They have a great knowledge base, seasoned professionals that have been through many different deployments and have helped us solve for issues that we could not imagine solving ourselves.”
Pismo’s AppSec solution, Checkmarx SAST, is hosted on an AWS environment provided by Checkmarx, and it connects to the Pismo development environment via a secure VPN. Using Checkmarx SAST on AWS helped Pismo achieve a seamless deployment.
PISMO DEVELOPERS LOVE USING CHECKMARX APPSEC SCAN TOOLS
of unpatched vulnerabilities
to remediation