Overview
Check Point CloudGuard Code Security is a powerful language-agnostic code scanner able to:
- Detect hardcoded secrets, keys, and credentials in any programming language with dynamic detectors in repos and host file systems.
- Detect and remove secrets from Jira and Confluence.
- Identify compliance violations against industry standards and regulatory requirements, including various AWS frameworks for Infrastructure as Code (IaC) template configurations.
- Seamlessly integrate with VS Code, GitHub, GitLab, and Bitbucket, as well as CI/CD tools like Jenkins, CircleCI, AWS CodePipeline, and many more, from pre-receive hooks for blocking risky commits to periodic repo scans using git bots.
- No reliance on cloud services, meaning your source code never leaves your environment.
- Harden CI/CD pipelines and limit source code access to mitigate code exfiltration risks and unauthorized access.

Designed for developers but built for the CISO organization, CloudGuard Code Security is a DevSecOps/Shift-Left solution that ensures code security does not hinder development speed or burden developers with building intricate scanner rules and quality gates while empowering security practitioners with full visibility and control over rules and posture. It achieves this with:
- Blazing fast scan speed: approximately 10 MB in half a second.
- Detailed remediation playbooks, providing developers with solutions rather than problems.
- Dashboards designed to facilitate cooperation between developers and security practitioners from the VP R&D/CISO level down to the software engineer/SOC expert.
- 2,800 out-of-the-box detectors, allowing security experts to enforce rules without requiring coding/DevOps skills. From identifying risky code (e.g., open ports, dated protocols, etc.) to detecting hard-coded keys and credentials and IaC violations of security frameworks, nothing escapes our detectors.
- Seamless integration with Check Point CloudGuard ecosystem, extending code security to runtime (including secrets, malware, and CVE detection in containers, VMs, and serverless).
Highlights
- No More Secrets: Regardless of programming language. Detect secrets like API keys and passwords in any programming language spanning your entire development pipeline from the IDE to the build machine, as well as Jira and Confluence.
- Blazing Fast Performance: 10 MB of code in half a second. Scan 10 MB of code in about half a second with over 2800 active detectors out of the box, providing high-speed security without disrupting development workflows and without sending your code for scanning in the cloud.
- Compliance Enforcement: From ISO, to NIST, CIS, PCI, and more. Identify compliance with various AWS frameworks for Infrastructure as Code (IaC) template configurations, ensuring your cloud infrastructure meets industry standards and best practices before configurations reach your cloud.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
CloudGuard Code Security Support Information
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/
- To open a support ticket, please have your Check Point user center account information available. If you do not have a user center account, sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Management team gains substantial protection while navigating ongoing configuration challenges
What is our primary use case?
My team and I work with Check Point CloudGuard Code Security and handle all related tasks, including deploying virtual machines and configuring all aspects.
Our security team's roles include networking security, and our responsibility is to deploy all firewalls across our organization's sites, both on-premises and in the cloud.
What is most valuable?
The most valuable features of Check Point CloudGuard Code Security include our approach to manage it via the management we have on-premises, and we also deploy the same extension management of CloudGuard to manage all the virtual systems on Azure.
We effectively use artificial intelligence with Check Point CloudGuard Code Security, as we have teams that work with AI and we frequently manage our firewalls using AI along with the CloudGuard and all virtual systems.
What needs improvement?
There are still areas for improvement with Check Point CloudGuard Code Security. All the features we have on the firewall on the on-premises side, we also have under CloudGuard such as IPS, Anti-Bot, and all these blades are set up in our CloudGuard.
For how long have I used the solution?
What was my experience with deployment of the solution?
The initial setup of Check Point CloudGuard Code Security is very challenging because it requires more preparation, and we need more guides to understand how to set up all aspects.
How are customer service and support?
I would rate the support for Check Point CloudGuard Code Security as good because we can quickly email support about any problems we encounter, and they reply instantly to provide help. I would give it an eight.
How was the initial setup?
To deploy Check Point CloudGuard Code Security, it requires four people on our team to manage all the Check Point devices.
Which other solutions did I evaluate?
What other advice do I have?
I do not have experience with CyberArk, we only work with VSX and the family of VSX, which is provided by Check Point.
I can recommend Check Point CloudGuard Code Security to other organizations as it is a good platform to protect our organization. On a scale of one to ten, I rate this solution an eight.
Accurate vulnerability detection, deep code analysis, and helpful remediation guidance
What is our primary use case?
The primary use case of this solution is to detect vulnerabilities, prevent breaches, accelerate development, and improve code quality.
How has it helped my organization?
It helped us to reduce vulnerabilities, improve code quality, enhance security posture, and offer us good cost savings.
What is most valuable?
The solution's most valuable aspects include its accurate vulnerability detection, deep code analysis, remediation guidance, false positive guidance and customizable rules.
What needs improvement?
The solution should improve vulnerability in-depth, false-positive reduction, integration with other tools, performance optimization, and the user interface.
For how long have I used the solution?
I've used the solution for two years.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
The scalability is good.
How are customer service and support?
Technical support is good but can be improved.
Which solution did I use previously and why did I switch?
No, I did not use another solution.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We implemented the solution with an in-house team.
What was our ROI?
The ROI is nice.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing modules need to be improved.
Which other solutions did I evaluate?
No, I did not evaluate other options.
Does exactly what is advertised, and it is extremely affordable and reliable
What is our primary use case?
It was adopted in response to the events of SolarWinds, where API credentials were leaked into Git repositories or other developer tools. We, at the time, had no detective or preventive controls to prevent this sort of disclosure, so CloudGuard Code Security was implemented into the pipelines themselves to detect secrets being disclosed.
How has it helped my organization?
We have had a number of real events where developers accidentally made commits of API keys, and we were able to detect and begin response actions in minutes. We had the API key revoked in less than five minutes in such events. If we did not have CloudGuard Code Security, we would not have known about it for who knows how long. There is absolutely a very meaningful difference.
CloudGuard Code Security is great for protecting our code and assets from exposed API keys, tokens, or credentials. It does exactly what is advertised, and it does it reliably. It is a great solution.
The scanning of code throughout development helps save developers time. One of the important attributes of the shift-left movement was getting developer feedback as quickly as possible to reduce cycle time and context switching. CloudGuard Code Security very much improves that by allowing the mistakes to be detected almost immediately and remediation efforts to be implemented. In terms of time saved from not having to redo problematic production code, context switching is about a 30-minute loss for most developers. Each incident is 30 minutes. Hopefully, it is infrequent. There are two pieces. There is secrets detection, which is not an efficiency play. It is risk mitigation because of the enormity of the impact that it could lead to. The other side of it is the configuration management side. That is where you do have ongoing feedback as people use Terraform or other infrastructure as code languages, and getting that feedback to them quickly is certainly valuable. It saves a lot of time there.
CloudGuard Code Security helps identify high-risk security misconfigurations in our code during the development phase. On the merge event, for the infrastructure as code, it analyzes the configurations. It looks for known adverse configurations and comments on the merge request. It usually prevents the merge request from happening to begin with, and then you have a commit, which hopefully remediates the issue. It probably has had some beneficial impacts on product security, but it did not necessarily create new visibility that did not exist before. CSPM tools from Check Point give us visibility into adverse configurations, but we saw them later on or down the line, and we had to deal with making people go back and fix them, so I do not know if it had a massive change on the outcome, but it has impacted the efficiency of getting to the outcome.
CloudGuard Code Security has helped our development team adopt a security mindset. It keeps security on top of mind when dealing with infrastructure as code or secrets and ensures that it does not get lost or overlooked. If they are aware of security and it is on top of mind, hopefully, they will make better decisions.
The time taken by CloudGuard Code Security to scan our codebase depends on the size of the Git Repo, but on average, it is between ten seconds and a minute.
CloudGuard Code Security does not impede the development flow because the inflection point for the most part is on the merge request creation. In most organizations, especially if they are in any sort of highly regulated space, the creation of the merge request is usually followed by approvals from peers or partners on the merge before it is merged. With a latency of ten seconds to a minute, most of the time, approvers have not even opened the page before the contextually rich security information is already there waiting for them to make a good decision. So, it does not impede the development flow at all. It just means that the approvers have the ability to make rich decisions with all of the information already laid out for them.
What is most valuable?
Secrets detection is the bread and butter.
We have used the infrastructure as code as well. It was really early in the market and had comprehensive coverage across Terraform, CloudFormation, and ARM. We used that as well but not as heavily. It was more of an ancillary benefit.
What needs improvement?
There are a lot of opportunities for how they can use their technology to do more. That would be more like sensitive data discovery and other things besides Git Repos, but then you are expanding the scope of what necessarily their product is. If we talk about what problem we are trying to solve, which is secrets disclosure, perhaps even validation of configuration management inside of Git environments, it is a very comprehensive solution. It is what it is, and it does a great job.
For how long have I used the solution?
We have been using CloudGuard Code Security for three and a half years.
What do I think about the stability of the solution?
It is bulletproof.
What do I think about the scalability of the solution?
It uses Lambda as its backend, so it is really a question about the scalability of AWS, which is bulletproof.
It is integrated into our Git Repo, so it is a Git-level control. The users of Git exist across locations, departments, and knowledge domains. It is a universally applied control irrespective of the employees. It broadly affects any user of Git across the company.
How are customer service and support?
When we first launched this, it was a brand-new product, and there was very hands-on support. We had a couple of issues that they worked through very effectively and efficiently. They were super responsive. For the last two years, I have not talked to their support at all because it has just worked.
We have got great service from Check Point. I would rate them a nine out of ten.
Which solution did I use previously and why did I switch?
We did not use any other solution previously.
How was the initial setup?
The deployment was very fast. It probably took my team a day to wire in the integration with the Git side. We did a little bit of SOAR work to make sure our response was efficient. It was a very quick and painless setup.
In terms of the deployment model, it is a webhook from a Git Repo into a Lambda function hosted in our AWS account that scans and then replies back. That would be considered a self-hosted public cloud.
It was very simple. It was done three years ago. I am sure things have changed, but at the time, it was a CloudFormation stack set that was deployed into an account, and then there were a couple of configuration pieces in Git Repo where you need to point the webhook to the Lambda function you have stood up, and that was it. You were done. I imagine there is a slightly different process today for CloudGuard Code Security than three years ago. It is probably a little bit more fully managed on their end today, but I do not know that for sure.
What about the implementation team?
We did not take any external help. It was very easy.
What was our ROI?
The thing we are trying to stop is a really bad SolarWinds type of event, which would cost an organization millions of dollars, so the ROI is preventing that outcome. It is a risk mitigation play. There is not necessarily a strong ROI from a non-event.
What's my experience with pricing, setup cost, and licensing?
It is extremely affordable and high value for cost.
Which other solutions did I evaluate?
When we bought it three years ago, as far as I know, there were no other options. This was the first to market.
What other advice do I have?
To those evaluating CloudGuard Code Security, I would advise doing a PoC. It is easy to integrate. It takes a day to get it all set up and working. Do some testing on merging things that you know would be bad and watch what happens. The product sells itself.
I would rate CloudGuard Code Security a ten out of ten.
Comprehensive protection for cloud workloads and applications that offers robust security features, seamless integration with multi-cloud environments and excellent threat detection capabilities
What is our primary use case?
Our primary use case involves protecting our internal services hosted within our data center's cloud environment, which includes virtual machines housing critical company resources. Additionally, we safeguard external services used by our customers with Check Point security measures.
How has it helped my organization?
The benefits derived from utilizing Check Point solutions for achieving our security objectives primarily lie in bolstering threat prevention and network security measures. This includes safeguarding against various threats, such as vulnerabilities and potential attacks.
It offers robust security capabilities spanning multiple cloud environments, which is highly beneficial. The platform is user-friendly, especially with its multi-domain solution.
We have a strong sense of security assurance when utilizing CloudGuard, as it consistently delivers outstanding protection capabilities.
What is most valuable?
The most critical features for me revolve around security, as I primarily focus on network engineering.
What needs improvement?
Enhancements are needed in the logging system and log management processes. Additionally, we encounter issues with geolocation functionality, which is crucial for enforcing access restrictions based on location. While we heavily rely on this feature, it occasionally fails to function correctly, posing challenges to our security measures.
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
It provides excellent stability capabilities.
What do I think about the scalability of the solution?
In terms of scalability, our infrastructure comprises a private cloud with eight hundred servers and a public cloud serving our customers. Within this setup, we manage their database applications, application sites, disaster recovery mechanisms, and all security measures without encountering any issues.
How are customer service and support?
The technical support is satisfactory; they respond promptly, and I am pleased with their service. I would rate it nine out of ten.
Which solution did I use previously and why did I switch?
In my previous roles, I've gained experience working with FortiGate and Cisco firewalls, each offering its own set of advantages. FortiGate stands out for its user-friendly configuration interface, yet it faces stability issues in certain regions, particularly with routing tables. Cisco, on the other hand, provides a unified management platform for network configuration, which simplifies tasks for some networks. However, I've found Check Point to be my preferred choice over the past two years due to its exceptional stability. Unlike Cisco, which has been prone to crashes in my experience, Check Point has consistently delivered reliability. While FortiGate is known for its ease of use and Cisco for its complexity, Check Point falls somewhere in the middle in terms of usability. Compared to other vendors, Check Point excels in identifying threats effectively.
We selected CloudGuard due to its stability and because our team has extensive experience with it. We are highly satisfied with it.
How was the initial setup?
Configuration is also simple and not overly complex.
What about the implementation team?
For deployment, our integration with NSX is seamless, quick, and efficient.
What was our ROI?
We've experienced a positive return on investment with its usage, primarily through time savings attributed to its stability and user-friendly administration. Working with it is straightforward and not overly complicated, allowing us ample time for other tasks.
What's my experience with pricing, setup cost, and licensing?
Renewing licenses is relatively simple, though there is room for further streamlining the process.
What other advice do I have?
Overall, I would rate it eight out of ten.
Good security and functionality with helpful support
What is our primary use case?
We have so many applications where the code needs to be verified before it can be transferred to production. This scans the code and all the configurations to detect issues.
How has it helped my organization?
We're able to protect APIs from exposure and ensure we have credentials for transactions. If any misconfiguration happens, we can be sure we will not be compromised.
What is most valuable?
The security on offer is great. It's secure in terms of testing all the workloads. We can test across any workload or multiple clouds. It offers unified prevention. It also offers posture management by verifying proper scanning.
We use the GSL builder. It's easy to write customer rules or policies using it. Of course, you do need proper training on the product first. It takes around one week to get trained.
We've been able to reduce human error, and you can build the rules for better coverage.
It provides functionality across cloud providers.
The solution helps us save time. We've reduced the amount of time spent by 25%.
Its unified security management console is a very complete dashboard. We can see all security threats and can gain visibility into what is happening. We have access to automation and can monitor the security of IT systems.
The product offers role-based access control so that we can set up different privileges for admin users.
CloudGuard Spectrum is good for automating our organization's security across assets, workloads, and multiple clouds. With it, we have advanced pre-prevention across the cloud security network. It works for on-premises also.
We can easily determine our organization's security posture. It will ensure my application's availability time across the enterprise.
Network security helped us reduce our compliance and audit activities. We've saved about 20% of our time.
Having a cloud detection response helps to very quickly identify security threats in our environment. It's automated so it saves us time. That way, people can work on other projects. On any given day, we're spending 20% less time in general worrying about detection and response. Our security operations are saving a lot of time using a unified platform.
What needs improvement?
There needs to be better security around API integration.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The stability of the product is very good.
What do I think about the scalability of the solution?
We have the product deployed to a single location. We have 250 end-users.
The scalability is good; I find that I can scale up.
How are customer service and support?
Technical support is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
I was not involved with the deployment of the product.
The product does not require any maintenance.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the exact pricing is.
Which other solutions did I evaluate?
We did not evaluate any other solution.
What other advice do I have?
I'm a customer and end-user.
With CloudGuard, you can easily secure the workloads and applications running in a hybrid environment or public cloud. It helps mitigate risk and protects against data leakage or breaches. It's a one-stop solution.
I'd rate the solution nine out of ten. I'd recommend the solution to others.