Checkmarx Announces GitLab Integration
August 24, 2020

Checkmarx announced its new strategic partnership with GitLab, the single application for the DevOps lifecycle, enabling users to integrate Checkmarx’s leading application security testing (AST) solutions – namely CxSAST, CxSCA, and CxCodebashing – directly into the GitLab CI/CD pipeline.

Checkmarx’s integration with GitLab, driven by its orchestration module CxFlow, empowers them to strike this balance by automatically triggering SAST and SCA security scans in the event of pull or merge requests and embedding results directly into their GitLab CI/CD pipeline. Not only does this streamline workflows by eliminating time-consuming manual scans, but it also allows developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment.

“Checkmarx provides the industry’s most DevOps-friendly Software Security Platform, fitting directly into developers’ native environments and enabling them to deliver more secure software faster,” said Moshe Lerner, SVP of Product Strategy & Corporate Development, Checkmarx. “Our integration with GitLab brings two DevOps powerhouses together, merging Checkmarx’s automated, best-of-breed SAST and SCA security testing capabilities with GitLab’s comprehensive platform to help users achieve true DevSecOps. Together, we’re providing developers and AppSec professionals with a clear and automated plan for security testing, all within GitLab’s easy-to-use dashboard.”

With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code with one powerful solution, with just-in-time developer AppSec training layered in via CxCodebashing. Powered by CxFlow, additional benefits include:

- Automated Scan Initiation & Project Creation: Configure CxFlow into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

- Simplified Results Management: Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

- Streamlined Defect Tracking: Through CxFlow’s results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

Brandon Jung, VP of Alliances, GitLab, said: “Offering joint customers the ability to easily pull Checkmarx’s SAST and SCA scan results directly into the GitLab environment in an automated manner enables developers, operations and security to work smarter and more securely without sacrificing speed.”

Share this

Industry News

November 22, 2022

Red Hat introduced Red Hat Enterprise Linux 9.1and Red Hat Enterprise Linux 8.7.

November 22, 2022

Armory announced its new cloud-based solution called Continuous Deployment-as-a-Service, now available on the AWS Marketplace.

November 22, 2022

Rapid has has formally rebranded Paw to RapidAPI for Mac.

November 21, 2022

Red Hat announced the general availability of Migration Toolkit for Applications 6, based on the open source project Konveyor, aimed at helping customers accelerate large-scale application modernization efforts.

November 21, 2022

Palo Alto Networks signed a definitive agreement to acquire Cider Security (Cider).

November 17, 2022

OutSystems announced its new cloud-native development solution OutSystems Developer Cloud (ODC).

November 17, 2022

Retool announced Retool Workflows, a fast, extensible way for developers to build cron jobs, scheduled notifications, ETL tasks, and everything in between.

November 15, 2022

OutSystems announced the new OutSystems AI Mentor System.

November 15, 2022

Redpanda launched the general availability of its Redpanda Cloud managed service.

November 15, 2022

Edge Delta announced the launch of a free version, Edge Delta Free Edition, providing an intelligent and highly automated monitoring and troubleshooting experience for applications and services running in Kubernetes.

November 14, 2022

Codenotary announced TrueSBOM, a patent-pending, self-updating Software Bill of Materials (SBOM) for every application that is made possible by simply adding one line to the application source code.

November 14, 2022

Azion announced the release of the Azion Build product suite.

November 09, 2022

Puppet by Perforce announced the latest Long-Term Support (LTS) release of Puppet Enterprise.

November 09, 2022

Couchbase announced new enhancements to its database-as-a-service (DBaaS) Couchbase Capella.

November 09, 2022

Macrometa Corporation announced a new strategic equity investment, go-to-market partnership, and powerful product integrations with Akamai Technologies.