Checkmarx Announces GitLab Integration
August 24, 2020

Checkmarx announced its new strategic partnership with GitLab, the single application for the DevOps lifecycle, enabling users to integrate Checkmarx’s leading application security testing (AST) solutions – namely CxSAST, CxSCA, and CxCodebashing – directly into the GitLab CI/CD pipeline.

Checkmarx’s integration with GitLab, driven by its orchestration module CxFlow, empowers them to strike this balance by automatically triggering SAST and SCA security scans in the event of pull or merge requests and embedding results directly into their GitLab CI/CD pipeline. Not only does this streamline workflows by eliminating time-consuming manual scans, but it also allows developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment.

“Checkmarx provides the industry’s most DevOps-friendly Software Security Platform, fitting directly into developers’ native environments and enabling them to deliver more secure software faster,” said Moshe Lerner, SVP of Product Strategy & Corporate Development, Checkmarx. “Our integration with GitLab brings two DevOps powerhouses together, merging Checkmarx’s automated, best-of-breed SAST and SCA security testing capabilities with GitLab’s comprehensive platform to help users achieve true DevSecOps. Together, we’re providing developers and AppSec professionals with a clear and automated plan for security testing, all within GitLab’s easy-to-use dashboard.”

With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code with one powerful solution, with just-in-time developer AppSec training layered in via CxCodebashing. Powered by CxFlow, additional benefits include:

- Automated Scan Initiation & Project Creation: Configure CxFlow into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

- Simplified Results Management: Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

- Streamlined Defect Tracking: Through CxFlow’s results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

Brandon Jung, VP of Alliances, GitLab, said: “Offering joint customers the ability to easily pull Checkmarx’s SAST and SCA scan results directly into the GitLab environment in an automated manner enables developers, operations and security to work smarter and more securely without sacrificing speed.”

Share this

Industry News

December 02, 2021

Mirantis announced DevOpsCare, powered by Lens, a vendor-agnostic, fully-managed CI/CD (continuous integration/continuous deployment) product for any Kubernetes environment, offering developers higher levels of productivity more quickly.

December 02, 2021

The D2iQ Kubernetes Platform (DKP) is now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services, Inc. (AWS).

December 01, 2021

Bugcrowd announced the availability of Bugcrowd's cybersecurity solutions on the AWS Marketplace, providing customers with easy access, simplified billing, quick deployment, and streamlined license management.

December 01, 2021

Kublr received Microsoft Azure Arc-enabled Kubernetes validation, including for Azure Arc-enabled Kubernetes for Data Services.

December 01, 2021

CloudSphere achieved Amazon Web Services (AWS) Migration and Modernization Competency for discovering, planning, and helping enterprise customers move business services to AWS to reduce cost, increase agility and improve security.

November 30, 2021

JFrog introduced a new container registry and package manager for running JFrog Artifactory with Kubernetes clusters on-premises, in the cloud, or both.

November 30, 2021

Docker announced the availability of Docker Official Images directly from Amazon Web Services (AWS).

November 30, 2021

Weaveworks announced the general availability of Weave GitOps Enterprise, a GitOps platform that automates continuous application delivery and Kubernetes operations at any scale.

November 30, 2021

Amazon Web Services announced AWS Mainframe Modernization, a new service that makes it faster and easier for customers to migrate mainframe and legacy workloads to the cloud, and enjoy the superior agility, elasticity, and cost savings of AWS.

November 29, 2021

Quali announced the newest release of Torque Enterprise, which includes enhanced integration with Terraform, new custom tagging capabilities, and improved cost visibility dashboards, unleashing an entirely new level of self-service access to application environments on demand.

November 29, 2021

Vertical Relevance (VR), a financial services-focused consulting firm, achieved Amazon Web Services (AWS) DevOps Competency status.

November 18, 2021

Loft Labs announced the launch of Loft version 2 with a focus on ease of use that overcomes the major complaint that Kubernetes is complex and hard to set up.

November 18, 2021

Perforce Software announced new functionality to speed remediation of discovered defects in automated scans.

November 18, 2021

Lacework raised $1.3 billion in growth funding at a valuation of $8.3 billion.

November 17, 2021

Parasoft announced the 2021.2 release of Parasoft C/C++test, the unified C and C++ development testing solution for embedded applications.