Checkmarx One brings cloud security tools directly into IDEs

Checkmarx has announced new developer experience enhancements by integrating its Application Security Posture Management (ASPM) solution directly into widely used integrated development environments (IDEs).
The cloud-based Checkmarx One application security platform aims to facilitate AppSec-related tasks for developers and incorporates tools designed to help prioritise and remediate vulnerabilities efficiently, supporting developer workflows at scale to meet organisational requirements.
The updated platform includes the Head of Engineering Dashboard, which provides a unified, data-driven overview, displaying both the volume of open vulnerabilities categorised by severity and the progress each team has made towards achieving defined security service-level agreements (SLAs).
Research highlighted by Checkmarx shows that 72% of developers in large enterprises spend over 17 hours per week on security-related activities, creating a clear need for streamlining such processes. The integration of the ASPM solution into the IDE environment is intended to address this issue by enabling developers to assess and address vulnerabilities more rapidly without having to resort to separate tools or processes.
Katie Norton, Research Manager for DevSecOps and Software Supply Chain at IDC, said: "Bringing ASPM context directly into the IDE reflects a forward-looking approach to prioritising security efforts based on risk earlier in the development process. By surfacing relevant insights in context and reducing reliance on downstream ticketing systems, Checkmarx can help developers take timely action on high-priority findings and improve collaboration between security and engineering teams."
Alongside the delivery of ASPM within the IDE, Checkmarx has introduced several new features in Checkmarx One intended to simplify the application security process for developers.
The first is Pre-commit Secrets Scanning in the IDE, driven by the Checkmarx One detection engine, which is designed to help developers avoid repetitive fixes, decrease engineering effort, and proactively protect organisational assets.
Secondly, the platform now integrates with JFrog Artifactory, supporting the protection of proprietary code and facilitating compliance within private code registries. This is expected to empower developers to maintain faster timelines for delivering secure code.
The Head of Engineering Dashboard is also introduced to give engineering leaders direct access to metrics and insights that can help reinforce AppSec best practices and enhance efficiency across their teams.
Ori Bendet, Vice President of Product at Checkmarx, stated: "Developer experience is no longer a nice to-have but a must-have for every AppSec program. Scaling application security across the enterprise is hard and the key to success are the development teams. Checkmarx One offers everything security and development teams need to be successful. Now we're taking it one step further and bringing the ASPM view for developers right to where they work."
Checkmarx One is positioned to provide comprehensive coverage for any cloud-native application during development, aiming to combine both speed and security to address the growing issues presented by software supply chain attacks, API threats, and malicious code.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

3 hours ago

• Techday NZ

Agentic AI transforms business operations with enhanced oversight

The integration of agentic artificial intelligence (AI) into business operations is gaining significant momentum across industries, with new research, commentary, and product announcements underscoring both the promise and complexities of these advanced technologies. Matt Johnson, Managing Director for AI & Data at Temus, outlined the evolving landscape of AI agents, noting an industry-wide shift from rudimentary AI interactions towards more advanced, contextually aware systems. "We're witnessing a significant shift in how AI agents are being deployed across industries. The most successful implementations go far beyond basic prompting," Johnson observed. He highlighted the application of sophisticated techniques such as automated reprompting, parameter-efficient fine-tuning, and reinforcement learning, which allow agents to learn from their environments and incorporate expert knowledge. Johnson emphasised that data remains the critical foundation for agentic AI. He noted, "Companies are now realising they need deliberate strategies to acquire and structure this expert knowledge – it's become a competitive differentiator." In sectors such as healthcare and financial services, he asserted, the inclusion of human-in-the-loop workflows is not optional but essential, with the best AI systems augmenting human expertise rather than replacing it. The software development sector, according to Johnson, has provided one of the most compelling success stories, with AI tools such as Claude Code assisting developers by providing contextual suggestions and even autonomously generating code, all while preserving human oversight. This reflects a broader trend, with organisations increasingly viewing AI agents not as autonomous replacements for professionals, but as tools to enhance productivity and decision-making. In the domain of cybersecurity, a new study from Cycode, presented at the RSA Conference 2025, illuminated how agentic AI is reshaping application security practices. The survey found that while 60% of cybersecurity professionals remain in early stages of adoption, those organisations that have embraced agentic AI report notable productivity gains and reduced risks in development and security workflows. Amir Kazemi, Director of Product Marketing at Cycode, observed, "Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now." The Cycode research illustrated growing interest, with almost 50% of surveyed professionals planning to adopt agentic AI in the coming year. Yet, concerns remain about granting AI systems autonomy, with businesses taking a measured approach to integrating these tools. The study identified key opportunities: 44% of professionals believe agentic AI will improve vulnerability management, while 52% see significant value in using AI-driven security checks at the code commit stage. The perceived widening gap between application security and development resources, with some teams managing ratios as high as one security specialist per 1,000 developers, exemplifies the mounting pressure on teams that agentic AI could help alleviate. Financial services are also experiencing AI-driven transformation, as demonstrated by the launch of GTreasury's GSmart AI platform, designed specifically for treasury and finance operations. The platform aims to deliver efficiencies and transparent insights for CFOs and treasury professionals facing complex market and regulatory conditions. GTreasury CEO Renaat Ver Eecke stressed the necessity for AI in finance to prioritise security, compliance, and rapid problem-solving. "GSmart AI... empowers CFOs and treasury teams to confidently take advantage of powerful insights and value without sacrificing compliance or oversight," Ver Eecke stated. The platform provides automated analysis, risk identification, and strategic recommendations, all while ensuring auditability and governance. Mark Johnson, Chief Product Officer at GTreasury, added that GSmart AI is distinguished by its transparency and data sovereignty features, supporting rigorous standards and regulatory requirements. These developments signal that agentic AI, when combined with robust data strategies and clear boundaries for human oversight, is rapidly becoming integral to modern workflows. Whether in software development, cybersecurity, or treasury operations, organisations are increasingly seeking to leverage the unique capabilities of these AI agents to enhance human judgement, streamline complex tasks, and maintain compliance in a rapidly evolving technological landscape.

NZ Herald

5 hours ago

• NZ Herald

Fletcher Building joint venture resolves dispute with NZTA over Puhoi motorway delay

Fletcher Building and its 50% joint venture partner Acciona have reached a settlement with the NZ Transport Agency and the Northern Express Group over Covid-related delays to the construction of the Puhoi to Warkworth motorway. The motorway opened in June 2023, well beyond its original December 2021 scheduled opening. The

Techday NZ

5 days ago

• Techday NZ

HPE launches Nonstop Compute NS5 X5 & NS9 X5 for high reliability

Hewlett Packard Enterprise has announced the addition of the HPE Nonstop Compute NS5 X5 and NS9 X5 to its portfolio of fault-tolerant computing solutions, targeting enterprises that require high reliability and performance for critical business operations. The new HPE Nonstop Compute models are designed to provide organisations with increased processing power, flexibility, and system availability. Both models, available immediately, introduce enhancements in hardware and networking, aiming to help businesses accelerate important processes and support modern workloads across various data centre environments. Performance enhancements The entry-level NS5 X5 uses Intel Xeon Bronze 3400 series processors, while the flagship NS9 X5 is equipped with Intel Xeon Gold 6400 series processors. According to the company, these upgrades allow for up to 15% greater performance capacity compared to prior models. Each platform combines compute, software, storage, networking, and associated services based on HPE's fault-tolerant architecture, aiming to ensure continuous operations for mission-critical activities such as payment processing, fraud detection, and smart manufacturing execution systems (MES). The new systems provide double the memory capacity of their predecessors, with up to 8 TB available. The NS9 X5 also offers 2.5 times greater networking bandwidth and improved fibre channel connectivity, which facilitates higher transaction throughput in financial services and supports multi-plant integration in manufacturing. "Our customers rely on HPE Nonstop solutions to power mission-critical workloads," said Casey Taylor, General Manager, HPE Nonstop at HPE. "In fact, one of our auto manufacturing customers has been using HPE's fault-tolerant systems for more than 35 years without any unplanned downtime. With the launch of HPE Nonstop Compute NS5 X5 and NS9 X5, we are reinforcing our commitment to deliver an architecture designed for fault-tolerance and high performance so that our customers can scale their businesses and innovate with confidence." Industry analyst IDC categorises HPE Nonstop solutions as AL4, with reported uptimes of 99.999% or 99.9999%. These attributes are seen as essential by organisations handling core transactions and sensitive data, particularly in sectors reliant on uninterrupted processing such as finance, healthcare, and retail. Regional outlook "Enterprises across Asia Pacific are rapidly digitalizing critical business operations in sectors such as financial services, telecommunications, retail, and healthcare, which is fueling unprecedented demand for resilient, high-performance infrastructure," said Rod Cortez, General Manager, HPE Nonstop at HPE APAC & India. "The new HPE Nonstop Compute solutions are engineered for this era, delivering enhanced processing power, memory, and networking performance to help organizations modernize workloads and future-proof their data centers. These solutions reflect HPE's commitment to supporting the region's digital transformation by enabling enterprises to accelerate business processes with confidence, agility, and unmatched reliability." HPE's update also brings operating system enhancements, adding support for multi-factor authentication (MFA). This capability is intended to help organisations meet regulatory compliance needs including the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and SOC 2 requirements. Industry adoption Many enterprises in industries with strict uptime requirements already rely on HPE Nonstop platforms. According to HPE, a car rental company uses the platform to handle 80,000 daily reservations, while six of the world's top ten full-service retail banks use HPE Nonstop to support card payments, ATM functionality, and core banking operations. NS9 X5 features backward compatibility, allowing customers to cluster the new system with the previous two generations of HPE Nonstop Compute. This capability ensures seamless expansion and migration for existing users without causing operational disruption. Both the NS5 X5 and NS9 X5 are available as standalone systems or through HPE GreenLake, offering an as-a-service consumption model. The systems are supported by HPE Nonstop Compute engineers experienced in migrating mission-critical workloads.