Checkmarx Announces GitLab Integration
August 24, 2020

Checkmarx announced its new strategic partnership with GitLab, the single application for the DevOps lifecycle, enabling users to integrate Checkmarx’s leading application security testing (AST) solutions – namely CxSAST, CxSCA, and CxCodebashing – directly into the GitLab CI/CD pipeline.

Checkmarx’s integration with GitLab, driven by its orchestration module CxFlow, empowers them to strike this balance by automatically triggering SAST and SCA security scans in the event of pull or merge requests and embedding results directly into their GitLab CI/CD pipeline. Not only does this streamline workflows by eliminating time-consuming manual scans, but it also allows developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment.

“Checkmarx provides the industry’s most DevOps-friendly Software Security Platform, fitting directly into developers’ native environments and enabling them to deliver more secure software faster,” said Moshe Lerner, SVP of Product Strategy & Corporate Development, Checkmarx. “Our integration with GitLab brings two DevOps powerhouses together, merging Checkmarx’s automated, best-of-breed SAST and SCA security testing capabilities with GitLab’s comprehensive platform to help users achieve true DevSecOps. Together, we’re providing developers and AppSec professionals with a clear and automated plan for security testing, all within GitLab’s easy-to-use dashboard.”

With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code with one powerful solution, with just-in-time developer AppSec training layered in via CxCodebashing. Powered by CxFlow, additional benefits include:

- Automated Scan Initiation & Project Creation: Configure CxFlow into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

- Simplified Results Management: Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

- Streamlined Defect Tracking: Through CxFlow’s results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

Brandon Jung, VP of Alliances, GitLab, said: “Offering joint customers the ability to easily pull Checkmarx’s SAST and SCA scan results directly into the GitLab environment in an automated manner enables developers, operations and security to work smarter and more securely without sacrificing speed.”

Share this

Industry News

May 22, 2024

Mendix announced a partnership with Snowflake to enable the enterprise to activate and drive maximum value from their data through low-code application development.

May 22, 2024

LaunchDarkly set the stage for “shipping at the speed of now” with the unveiling of new features, empowering engineering teams to streamline releases and accelerate the pace of innovation.

May 22, 2024

Tigera launched new features for Calico Enterprise and Calico Cloud, extending the products' Runtime Threat Defense capabilities.

May 22, 2024

Cirata announced the latest version of Cirata Gerrit MultiSite®.

May 21, 2024

Puppet by Perforce announced a significant enhancement to the capabilities of its commercial offering with the addition of new security, compliance, and continuous integration/continuous delivery (CI/CD) capabilities.

May 21, 2024

Red Hat and Nutanix announced an expanded collaboration to use Red Hat Enterprise Linux as an element of Nutanix Cloud Platform.

May 21, 2024

Nutanix announced Nutanix Kubernetes® Platform (NKP) to simplify management of container-based modern applications using Kubernetes.

May 21, 2024

Octopus Deploy announced their GitHub Copilot Extension that increases efficiency and helps developers stay in the flow.

May 20, 2024

Pegasystems introduced Pega GenAI™ Coach, a generative AI-powered mentor for Pega solutions that proactively advises users to help them achieve optimal outcomes.

May 20, 2024

SmartBear introduces SmartBear HaloAI, trusted AI-driven technology deploying across its entire product portfolio.

May 16, 2024

Pegasystems announced the general availability of Pega Infinity ’24.1™.

May 16, 2024

Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.

May 16, 2024

GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.

May 16, 2024

Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.

May 15, 2024

Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.