Integrations with Source Code Management Tools

Checkmarx Integrations with Source Code Management Tools

Why Integrate Checkmarx with Your Favorite SCM?

Under constant pressure to meet deadlines and eliminate vulnerabilities in their code, your dev teams need security scans in their SCM solution, configured to fit their specific AppSec programs. With security no longer a blocker, you can ensure adoption and a smooth, secure development program by enabling your dev teams to control Checkmarx scans in your native SCM CI/CD pipeline. Built-in AppSec training with Checkmarx Codebashing™ links to the vulnerabilities uncovered in the SCM, leading to fewer errors in the future and quicker remediation today. Your security teams can also block pull requests based on severity level or vulnerability category of specific results.

Where We Integrate



Built-in CI/CD

SCM Tools We Integrate With





(Server & Cloud)​

Azure DevOps



Keep Code Secure Wherever You Store it

From Security Pain to Time Gained

Having trouble knowing if the code you pushed or pulled has security vulnerabilities? Losing focus and momentum logging into multiple user portals just to see if your security scans passed? Checkmarx automatically runs scans whenever you submit a pull or push request, and the results will be integrated right in your SCM with a pass/fail status. Click through on the discovered vulnerability link to view it in the source code without ever having to leave your SCM. Fix it, then create another pull request so Checkmarx can pass your code and push it to release.

Efficiently Configure Project-Specific Pipelines

Since you work closely with devs who are constantly adding new projects, you know that they’ll need specific configurations for their security scans. If you don’t have the time to configure these pipelines, Checkmarx provides the ability to customize and configure scans per project with built-in CI/CD offerings from SCMs. We move security from development blocker to development accelerator by enabling devs to control scans by editing Checkmarx configurations directly within the SCM’s CI/CD pipeline or using config-as-code.

Prioritize Remediation and Developer Adoption

You and your team spend too much time debugging security scan findings and training developers on the results. We offer built-in remediation training with Codebashing, which links to the security findings within the SCM so devs can avoid making the same mistakes in the future and fix the vulnerabilities they uncover today. In addition, your security teams can block pull requests based on risk severity score as well as type or category of vulnerability. With the ability to tune our security solutions to fit your AppSec program, you can prioritize where and how you spend your time reducing vulnerabilities.

We'll Meet You Wherever You Are

Our outstanding solutions are even better with our expert Global Services, making sure you get the greatest value from your investment in the shortest time. No matter what tools you use or where you are on your AppSec journey, we’ll work with you to deliver maximum efficiency, accuracy, and security.

Scan Smarter

Find out what the industry’s most flexible and frictionless solution can do for you.
Skip to content