Integrations with Source Code Management Tools

Checkmarx Integrations with Source Code Management Tools

Why Integrate Checkmarx with Your Favorite SCM?

Development teams are constantly under pressure to meet deadlines and eliminate vulnerabilities in their code. Devs need security scans within their SCM solution, configured to fit their specific AppSec program. With security no longer a blocker, you can ensure adoption and a smooth and secure development program by enabling your dev teams to control Checkmarx scans within your native SCM CI/CD pipeline. And built-in AppSec training with CxCodebashing links to the vulnerabilities uncovered in the SCM, leading to fewer errors in the future and quicker remediation today. Your security teams can also block pull requests based on severity level or vulnerability category of specific results found.

Where We Integrate



Built-in CI/CD

SCM Tools We Integrate With




(Server & Cloud)​

Azure DevOps


Keep Code Secure Wherever You Store it

From Security Pain to Time Gained

Having trouble knowing if the code you pushed or pulled has security vulnerabilities? Losing focus and momentum logging into multiple user portals just to see if your security scans passed? Checkmarx automatically runs scans whenever you submit a pull or push request, and the results will be integrated right in your SCM with a pass/fail status. Click through on the discovered vulnerability link to view it in the source code without ever having to leave your SCM. Fix it, then create another pull request so Checkmarx can pass your code and push it to release.

Efficiently Configure Project-Specific Pipelines

Since you work closely with devs who are constantly adding new projects, you know that they’ll need specific configurations for their security scans. If you don’t have the time to configure these pipelines, Checkmarx provides the ability to customize and configure scans per project with built-in CI/CD offerings from SCMs. We move security from development blocker to development accelerator by enabling devs to control scans by editing Checkmarx configurations directly within the SCM’s CI/CD pipeline or using config-as-code.

Prioritize Remediation and Developer Adoption

You and your team spend too much time debugging security scan findings and training developers on the results. We offer built-in remediation training with CxCodebashing, which links to the security findings within the SCM so devs can avoid making the same mistakes in the future and fix the vulnerabilities they uncover today. In addition, your security teams can block pull requests based on risk severity score as well as type or category of vulnerability. With the ability to tune our security solutions to fit your AppSec program, you can prioritize where and how you spend your time reducing vulnerabilities.

Cool way to demonstrate catching errors or scanning before pipeline –updated figure 8?

Scan Smarter

Find out what the industry’s most flexible and frictionless solution can do for you.

Skip to content