DEVOPSdigest

Checkmarx announced its new strategic partnership with GitLab, the single application for the DevOps lifecycle, enabling users to integrate Checkmarx’s leading application security testing (AST) solutions – namely CxSAST, CxSCA, and CxCodebashing – directly into the GitLab CI/CD pipeline.

Checkmarx’s integration with GitLab, driven by its orchestration module CxFlow, empowers them to strike this balance by automatically triggering SAST and SCA security scans in the event of pull or merge requests and embedding results directly into their GitLab CI/CD pipeline. Not only does this streamline workflows by eliminating time-consuming manual scans, but it also allows developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment.

“Checkmarx provides the industry’s most DevOps-friendly Software Security Platform, fitting directly into developers’ native environments and enabling them to deliver more secure software faster,” said Moshe Lerner, SVP of Product Strategy & Corporate Development, Checkmarx. “Our integration with GitLab brings two DevOps powerhouses together, merging Checkmarx’s automated, best-of-breed SAST and SCA security testing capabilities with GitLab’s comprehensive platform to help users achieve true DevSecOps. Together, we’re providing developers and AppSec professionals with a clear and automated plan for security testing, all within GitLab’s easy-to-use dashboard.”

With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code with one powerful solution, with just-in-time developer AppSec training layered in via CxCodebashing. Powered by CxFlow, additional benefits include:

- Automated Scan Initiation & Project Creation: Configure CxFlow into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

- Simplified Results Management: Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

- Streamlined Defect Tracking: Through CxFlow’s results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

Brandon Jung, VP of Alliances, GitLab, said: “Offering joint customers the ability to easily pull Checkmarx’s SAST and SCA scan results directly into the GitLab environment in an automated manner enables developers, operations and security to work smarter and more securely without sacrificing speed.”