Checkmarx

Checkmarx provides application security testing solutions that help organisations identify and remediate vulnerabilities in their software throughout the development lifecycle. Its core offerings include static application security testing (SAST), interactive application security testing (IAST), software composition analysis (SCA), and a unified devsecops platform that integrates with continuous integration and continuous delivery pipelines to deliver real‑time security feedback. The company supports a wide range of programming languages and frameworks, enabling developers to scan code directly within their integrated development environments or via command‑line tools. Checkmarx serves enterprises across multiple sectors such as finance, healthcare, technology, and government, where secure software delivery is a critical business requirement. By focusing on shifting security left, the platform aims to reduce the cost and risk associated with fixing defects later in the release cycle.

The company is headquartered in Ramat Gan, Israel, and maintains a global footprint with offices in North America, Europe, and Asia‑Pacific, allowing it to support customers worldwide. While specific employee or revenue figures are not disclosed in the available sources, Checkmarx is recognised as a prominent player in the application security market, frequently appearing in analyst rankings such as the Gartner Magic Quadrant for AST. Its distinguishing attributes include a strong emphasis on developer experience, seamless integration with popular DevOps tools, and the ability to provide actionable remediation guidance directly within the workflow. Structurally, Checkmarx is a privately held entity; it was acquired by the private‑equity firm Hellman & Friedman in 2020, which now holds ownership of the business. In March 2026, Checkmarx experienced a supply chain attack in which threat actors hijacked GitHub Action tags and used compromised credentials to access repositories, leading to data exfiltration attributed to the group TeamPCP. This incident highlighted the importance of securing the software supply chain even for security‑focused vendors.