At Checkmarx, we do everything with our customers in mind. Security, data privacy, compliance, and reliability are important to you, which makes them imperative for us.
This page provides information on our approach to security, data privacy, compliance, and reliability for Checkmarx, including the Checkmarx One™ application security platform.
Checkmarx is an extension of your software development processes and architecture. We designed Checkmarx One to meet your security standards, including data, application, network, and product security.
Checkmarx logs all actions taken within our AWS environment and web applications using AWS CloudTrail. Logs are encrypted, stored in a secure and centralized location, and available for audit and compliance purposes.
Checkmarx performs daily backups of all customer data and retains backups for seven days. Data is stored in secure locations, encrypted at rest, and protected from unauthorized access. In addition, we perform regular disaster recovery drills to ensure all environments are recoverable.
Checkmarx follows data retention policies that comply with relevant data protection regulations and best practices. Client data is deleted within 7 days of receiving a formal deletion request. Retention settings can be customized to meet specific customer requirements and are applied by the Checkmarx support team.
We encrypt all customer data at rest using industry-standard encryption algorithms, such as AES-256, to protect against unauthorized access or theft.
Checkmarx One encrypts all communications with our service using HTTPS. In addition, data transmitted within our service to and from Amazon S3 is encrypted using TLS 1.2.
Checkmarx implements an IDS/IPS for the Checkmarx One environment using a combination of AWS Shield, WAF rules, and DevOps Guru services to identify and alert on anomalies or potential security threats.
Checkmarx proactively performs vendor risk management (VRM) assessments of our external security posture using Panorays, and holds an overall Cyber Posture Rating of 99%. Assessments include network and IT, application, and human maturity, and can be provided to customers.
All exposed AWS instances are protected with a web application firewall (WAF) to detect and block a wide range of web application attacks. WAF rules are customized to the Checkmarx One environment and regularly updated against the latest threats.
Checkmarx understands the importance of data privacy for our customers. Our programs, products, and services are structured to provide effective data privacy protections for Checkmarx, its customers, partners, and employees.
Security is at the heart of everything we do at Checkmarx. Our customers rely on us to protect their most valuable assets. We meet and exceed the world’s most trusted standards for data protection, privacy, and secure software development.
ISO/IEC 27001:2022
We’re certified to the latest and most recognized global standard for information security. This reflects our structured, enterprise-grade approach to managing and protecting your data.
SOC 2 Type II
Checkmarx undergoes an independent SOC 2 Type II audit annually. Our report is available upon request. We also leverage the robust security posture of AWS, which holds its own SOC 2 Type II compliance.
GDPR
Our privacy program aligns with the stringent requirements of GDPR. Our practices are designed to support transparency, user rights, and responsible data handling – no matter where you operate.
Secure Software Development Framework (SSDF)
Security isn’t just a feature – it’s built in. We align with the NIST Secure Software Development Framework (SSDF) to integrate security at every stage of our software lifecycle.
Checkmarx ensures all its products and services are designed and delivered to meet the requirements of the Confidentiality, Integrity, and Availability (CIA) triad. This provides the assurances you need to secure your application development, without slowing you down.
Status page
Monitor the operational status and recent history for Checkmarx One services running in each of its five global regions (United States, Europe, India, Singapore, and Australia & New Zealand) on the status page.
Checkmarx has developed a Responsible AI Framework to guide the ethical and effective use of AI across our application security solutions. Built on key principles of transparency, privacy, security, and developer empowerment, this framework ensures that our AI supports secure coding practices without introducing bias or undermining trust. We apply strict governance measures, including ongoing audits of AI outputs, to keep our technology aligned with industry standards and regulatory requirements. Our AI-powered tools are designed to support, not replace, human decision-making, offering clear, actionable insights that developers and security teams can rely on. By prioritizing privacy-first design and human-in-the-loop processes, Checkmarx ensures that AI strengthens the integrity and security of the software development lifecycle.
Checkmarx provides customers with additional details on security, privacy, compliance, and availability programs, including certifications, compliance reports, standard security questionnaires, and security architecture. For these and others, please contact your account team.
Security Architecture
Existing customers and prospects under NDA can contact their account teams for our white paper detailing our security architecture, access control, infrastructure security and availability controls, data management controls, and more.
Talk to Checkmarx InfoSec
Our InfoSec team is responsible for ensuring the security and integrity of our Checkmarx One platform, along with our other products and services. If you want additional information about our security policies, you can contact us.
Report a Security Vulnerability
If you’re a security researcher and discover a vulnerability in a Checkmarx product or service, please submit your findings to us.