Checkmarx One brings cloud security tools directly into IDEs

Checkmarx has announced new developer experience enhancements by integrating its Application Security Posture Management (ASPM) solution directly into widely used integrated development environments (IDEs).

The cloud-based Checkmarx One application security platform aims to facilitate AppSec-related tasks for developers and incorporates tools designed to help prioritise and remediate vulnerabilities efficiently, supporting developer workflows at scale to meet organisational requirements.

The updated platform includes the Head of Engineering Dashboard, which provides a unified, data-driven overview, displaying both the volume of open vulnerabilities categorised by severity and the progress each team has made towards achieving defined security service-level agreements (SLAs).

Research highlighted by Checkmarx shows that 72% of developers in large enterprises spend over 17 hours per week on security-related activities, creating a clear need for streamlining such processes. The integration of the ASPM solution into the IDE environment is intended to address this issue by enabling developers to assess and address vulnerabilities more rapidly without having to resort to separate tools or processes.

Katie Norton, Research Manager for DevSecOps and Software Supply Chain at IDC, said: "Bringing ASPM context directly into the IDE reflects a forward-looking approach to prioritising security efforts based on risk earlier in the development process. By surfacing relevant insights in context and reducing reliance on downstream ticketing systems, Checkmarx can help developers take timely action on high-priority findings and improve collaboration between security and engineering teams."

Alongside the delivery of ASPM within the IDE, Checkmarx has introduced several new features in Checkmarx One intended to simplify the application security process for developers.

The first is Pre-commit Secrets Scanning in the IDE, driven by the Checkmarx One detection engine, which is designed to help developers avoid repetitive fixes, decrease engineering effort, and proactively protect organisational assets.

Secondly, the platform now integrates with JFrog Artifactory, supporting the protection of proprietary code and facilitating compliance within private code registries. This is expected to empower developers to maintain faster timelines for delivering secure code.

The Head of Engineering Dashboard is also introduced to give engineering leaders direct access to metrics and insights that can help reinforce AppSec best practices and enhance efficiency across their teams.

Ori Bendet, Vice President of Product at Checkmarx, stated: "Developer experience is no longer a nice to-have but a must-have for every AppSec program. Scaling application security across the enterprise is hard and the key to success are the development teams. Checkmarx One offers everything security and development teams need to be successful. Now we're taking it one step further and bringing the ASPM view for developers right to where they work."

Checkmarx One is positioned to provide comprehensive coverage for any cloud-native application during development, aiming to combine both speed and security to address the growing issues presented by software supply chain attacks, API threats, and malicious code.