Checkmarx is a global software security company headquartered in Ramat Gan, Israel. The company was acquired in April 2020 by Hellman & Friedman, a global private equity firm with headquarters in San Francisco. Founded in 2006, Checkmarx integrates automated software security technologies into DevOps.

Secur is a Checkmarx Platinium partner based in South Africa, offering Checkmarx implementation, integration and support services, these services can be offered even in Botswana, Lesotho, Namibia, Kenya and Nigeria

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

KICS IS:

Complete

KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in popular IaC solutions and OpenAPI 3.0 specifications.

Open Source

KICS is open source and always will be. Both the scanning engine and the security queries are clear and open to the software development community.

Extensible

1,500+ fully customizable and adjustable heuristic rules, or queries, can be easily edited, extended, and added to. What’s more, our robust but simple architecture allows for support of new IaC solutions.

Application Security Built for the Cloud

Developed for today’s technology stack, processes, and vulnerabilities, the Checkmarx AST Platform™ is a solution CISOs trust and developers love. It enables DevSecOps to simplify security—in code, deployment scripts, open source dependencies, containers, microservices, and more—all from a single scan. Built from our industry-leading technologies and delivered from the cloud, it combines static and open source code analysis with IaC security, providing comprehensive and accurate results at speed from a single solution.

STATIC APPLICATION SECURITY TESTING

Checkmarx SAST™ is an enterprise-grade, flexible, and accurate static code analysis solution that identifies security vulnerabilities in custom code. It allows development, DevOps, and security teams to scan source code earlier in the SDLC, identify vulnerabilities, and provide actionable insights to remediate them sooner.

SOFTWARE COMPOSITION ANALYSIS

Checkmarx SCA™ leverages our continuously updated open source vulnerability database to empower development, security, and operations teams to find and mitigate security risks from open source code, libraries, and licenses within the software supply chain.

INFRASTRUCTURE AS CODE SECURITY

The Checkmarx AST Platform gives organizations the ability to scan IaC templates for security vulnerabilities, compliance issues, and infrastructure misconfigurations. With more than 1,500 predefined and unlimited customizable queries, KICS helps organizations quickly find IaC security issues before they make it to deployment.

APPSEC TRAINING FOR DEVELOPERS

Checkmarx Codebashing™ is a flexible, focused, gamified training platform that meets developers exactly where they are, in the languages they’re using, teaching them how to code more securely.

AUTOMATE, ANALYZE, REMEDIATE

Optimize your runtime testing with Checkmarx IAST, the solution specifically built for DevOps and your QA automation or CI/CD pipelines. Checkmarx IAST fits directly into your Test/QA phase, automating analysis through your existing functional testing processes.

OPTIMIZED TESTING AT SCALE

Modern development needs automated vulnerability detection and real-time developer feedback across environments. Get custom query tuning to optimize your results for more effective runtime testing without those DAST-ardly delays.

FINDIN’ FLAWS, FLEXIBLY

CONTINUOUS ANALYSIS FROM SOURCE TO SHIP

With flexible deployment, zero scan time, and simple customization, Checkmarx IAST lets you easily detect vulnerabilities while inspecting custom code, libraries, frameworks, APIs, configuration files, and runtime data flows.