Checkmarx Announces GitLab Integration
August 24, 2020

Checkmarx announced its new strategic partnership with GitLab, the single application for the DevOps lifecycle, enabling users to integrate Checkmarx’s leading application security testing (AST) solutions – namely CxSAST, CxSCA, and CxCodebashing – directly into the GitLab CI/CD pipeline.

Checkmarx’s integration with GitLab, driven by its orchestration module CxFlow, empowers them to strike this balance by automatically triggering SAST and SCA security scans in the event of pull or merge requests and embedding results directly into their GitLab CI/CD pipeline. Not only does this streamline workflows by eliminating time-consuming manual scans, but it also allows developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment.

“Checkmarx provides the industry’s most DevOps-friendly Software Security Platform, fitting directly into developers’ native environments and enabling them to deliver more secure software faster,” said Moshe Lerner, SVP of Product Strategy & Corporate Development, Checkmarx. “Our integration with GitLab brings two DevOps powerhouses together, merging Checkmarx’s automated, best-of-breed SAST and SCA security testing capabilities with GitLab’s comprehensive platform to help users achieve true DevSecOps. Together, we’re providing developers and AppSec professionals with a clear and automated plan for security testing, all within GitLab’s easy-to-use dashboard.”

With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code with one powerful solution, with just-in-time developer AppSec training layered in via CxCodebashing. Powered by CxFlow, additional benefits include:

- Automated Scan Initiation & Project Creation: Configure CxFlow into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

- Simplified Results Management: Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

- Streamlined Defect Tracking: Through CxFlow’s results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

Brandon Jung, VP of Alliances, GitLab, said: “Offering joint customers the ability to easily pull Checkmarx’s SAST and SCA scan results directly into the GitLab environment in an automated manner enables developers, operations and security to work smarter and more securely without sacrificing speed.”

Share this

Industry News

December 03, 2020

Copado announced its Winter 21 release, providing end-to-end DevOps value stream management platform for Salesforce.

December 03, 2020

MayaData and Platform9 announced a collaboration for the deployment and operation of performance-sensitive stateful workloads on Kubernetes.

December 03, 2020

Harness announced first-class integration with Amazon Elastic Container Service (ECS) Container Orchestration, enabling mission-critical applications to run in Docker containers with less scripting and redundancy, and out-of-the-box deployment strategies.

December 02, 2020

Amazon Web Services (AWS), an Amazon.com company, announced Amazon DevOps Guru, a fully-managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation.

December 02, 2020

Salesforce and Slack Technologies have entered into a definitive agreement under which Salesforce will acquire Slack.

December 02, 2020

Kasten by Veeam announced Kasten K10 v3.0.

December 02, 2020

Mattermost announced the launch of Mattermost Cloud, a new SaaS platform that is designed to optimize collaboration for DevOps teams and privacy-conscious enterprises.

December 01, 2020

CloudBees announced a virtual launch event on December 10 to formally release the first two modules of its Software Delivery Management solution: CloudBees Engineering Efficiency and CloudBees Feature Management.

December 01, 2020

GitOps creator Weaveworks announced the availability of release 2.4 of Weave Kubernetes Platform (WKP).

December 01, 2020

Adaptavist has joined the Sonatype partner program as a Platinum Enterprise Partner.

November 30, 2020

Shipa is open sourcing Ketch, Shipa's deployment engine, under Apache License Version 2.0.

November 30, 2020

Portworx by Pure Storage announced its qualification and support of Portworx Enterprise for Google Cloud's Anthos on bare metal.

November 30, 2020

SnapLogic now supports SaaS contracts in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.