Sold by: Checkmarx
Deployed on AWS
Checkmarx One helps you deliver secure software faster with an integrated Application Security Testing platform deployed as a service. A single event, like a code commit or build stage, can trigger scans of your source code, dependencies, and IaC templates, with results aggregated in one place.
4.2
Overview
Checkmarx One is an integrated Application Security Testing (AST) platform delivered by Checkmarx, an AWS Advanced Tier partner with Security and DevOps Competencies. We're a global leader in software security solutions, trusted by 1,700+ organizations and consistently recognized by Gartner as a Leader in AST. Checkmarx One delivers three essential AST services on a platform that's easy to integrate into your existing dev tools: Static application security testing: Checkmarx One is a flexible, accurate solution able to identify hundreds of vulnerabilities and weaknesses in custom code, with support for 25+ languages and frameworks. Software composition analysis: CxSCA enables you to mitigate risks in open source software and third-party libraries. Users can identify and prioritize open source vulnerabilities, take inventory of open source components and dependencies in use, and evaluate the risk of open source licenses. Infrastructure as code analysis: KICS detects security misconfigurations in IaC templates, helping prevent errors such as open storage buckets, insecure databases, and excessive privileges. Checkmarx One is easy to integrate: one event can trigger all scan types for your project, and scan results are aggregated, giving you fast triage of your project's security posture. Checkmarx One Developer Assist is an advanced security agent that delivers real-time context-aware prevention, remediation, and guidance to developers from the IDE. It empowers developers to identify risks in their code in realtime and harness the power of AI to remediate the risks on the spot. This feature is initially being released as part of the Checkmarx One plugin for VS Code, Cursor and Windsurf IDEs.
CXONE ASSIST comprises two main elements: Realtime Scanning - Identify vulnerabilities in realtime during IDE development of both human-generated and AI-generated code. Our super-fast scanners run in the background whenever you edit a relevant file. Our scanners identify vulnerabilities and unmasked secrets in your code. We also identify vulnerable or malicious container images and open source packages used in your project. Results are marked as Problems which are highlighted in the code and annotated with identifying icons. Agentic-AI Remediation-Initiate an Agentic-AI session to receive remediation suggestions. Checkmarx feeds all relevant info to the AI agent which accesses our MCP server to gather data from our proprietary databases and customized AI models. The AI assistant then uses this data to generate remediated code for your project. You can accept the suggested changes or you can chat with the AI agent to learn more about the vulnerability and fine-tune the remediation suggestion.
If you're an AWS customer interested in Checkmarx One and wish to purchase over AWS Marketplace in a different quantity or configuration, visit http://www.checkmarx.com/contact-us-aws IMPORTANT INFORMATION ABOUT PRODUCTS AND SERVICES.
- Please note that add-ons be purchased only when the base product is purchased.
- Description of Base product: Checkmarx One Start with SAST. Description of available Add-ons: CxOne Start with SAST NG-API Security Addon, CxOne Start with SAST NG-IaC (KICS) Add on, Checkmarx One Start with SAST NG- AI Add on
- Description of Base product: Checkmarx One Essential Description of available Add-ons: CxOne Essential-Containers Add on, Cx One Essential-Malicious Packages Add on, Cx One Essential-IaC (KICS) Add on, CxOne Essential-AI Protection Add on
- Description of Base product: Checkmarx One Professional Description of available Add-ons: Checkmarx One Professional - IaC (KICS) Add on, Checkmarx One Professional - Enterprise Secrets Add on, Checkmarx One Professional - AI Protection Add on
- Checkmarx One Codebashing is available both as standalone and add-on with Base products mentioned above.
- CxOne Premium Service Package is available @ 20% of SaaS subscription fee. Checkmarx One Premium Service package fee shall be calculated as higher of: a) 20% of SaaS subscription fee OR b) USD 10,000 in case of 1 year term / USD 30,000 for 3 year term.
- Cx-SCS Threat API Malicious (per package) : Minimum quantity is 2 (two) and listed price is for 2 (two) units. SCS Threat API for Malicious OSS Packages Threat Information only (limited to 10,000 packages lookup per month). Each version/sub-version of the same package is considered a unique package.
- Minimum deal size shall be USD 30,000 for a one year term and USD 90,000 for three year term. Minimum deal size excludes Checkmarx One Premium Service Package and Checkmarx One PS days.
- Checkmarx reserves the right to revise prices periodically.
- Prices exclude applicable VAT/GST and WHT, if any.
- Refund Policy: no Refunds. Please reach out to aws-marketplace@checkmarx.com for further information about the add-ons available under various base products.
Highlights
- FIND THREATS AND SAVE TIME : Identify open source risks. Get severity metrics and remediation guidance. Identify potential license and compliance issues. See which libraries are adding to maintenance burdens. Get risk reports or extract data via API.
- SPOT INSECURE CODE EARLIER: Our industry-leading source code analysis covers a wide range of languages. Checkmarx One finds vulnerabilities faster by scanning uncompiled code and only re-scanning new or modified code.
- Prevent misconfigurations from reaching production: Scan your IaC templates for valid but insecure configurations before deployment to prevent catastrophic security misconfigurations.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
CxOne Start with SAST NG | Checkmarx One Start with SAST-price per license per year | $1,035.00 |
CxOne API Security | CxOne Start with SAST NG-API Security Addon-price per license per year | $276.00 |
CxOne IaC (KICS) | CxOne Start with SAST NG-IaC (KICS) Add on-price per license per year | $240.00 |
CxOne DevAssist | Checkmarx One Start with SAST NG- DevAssist Add on-price per license per year | $300.00 |
Checkmarx One Codebashing | Checkmarx One Codebashing | $345.00 |
CxOne Essential | Checkmarx One Essential - price per license per year | $1,564.00 |
CxAST-CONTAINERS | CxOne Essential-Containers Add on-price per license per year | $240.00 |
CxOne Malicious Packages | Cx One Essential-Malicious Packages Add on-price per license per year | $276.00 |
CxAST-IAC-KICS | Cx One Essential-IaC (KICS) Add on-price per license per year | $240.00 |
CxOne DevAssist | CxOne Essential-DevAssist Add on-price per license per year | $300.00 |
Vendor refund policy
- Minimum Deal size shall be USD 30,000 for 1 year term & USD 90,000 for 3 year term, excluding Checkmarx One Premium Service Package and Checkmarx one PS days.
- Checkmarx One Premium Service package fee shall be calculated as higher of: a) 20% of SaaS subscription fee OR b) USD 10,000 in case of 1 year term / USD 30,000 for 3 year term.
- Checkmarx reserves the right to revise prices, without advance notice.
- Prices quoted are exclusive of VAT/GST and WHT, if applicable.
- No refunds.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Checkmarx technical support, online support https://support.checkmarx.com Checkmarx One Standard Support is Included within the price of software subscription and Checkmarx One Premium Service Package available by paying 20% SaaS subscription fee.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Checkmarx
By Fortinet Inc.
Top
10
In Testing
Top
25
In Continuous Integration and Continuous Delivery
Top
25
In Cloud Governance
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Static Application Security Testing
Identifies vulnerabilities and weaknesses in custom code with support for 25+ languages and frameworks, scanning uncompiled code and re-scanning only new or modified code.
Software Composition Analysis
Identifies and prioritizes open source vulnerabilities, takes inventory of open source components and dependencies, and evaluates risks of open source licenses.
Infrastructure as Code Analysis
Detects security misconfigurations in IaC templates using KICS to prevent errors such as open storage buckets, insecure databases, and excessive privileges.
Real-time IDE Security Scanning
Provides real-time vulnerability detection during IDE development for both human-generated and AI-generated code, identifying vulnerabilities, unmasked secrets, vulnerable container images, and malicious open source packages.
Agentic-AI Remediation
Generates remediation suggestions using AI agents that access proprietary databases and customized AI models to provide context-aware code fixes with interactive refinement capabilities.
Software Supply Chain Visibility
Continuous end-to-end visibility and traceability across source control, CI/CD, registry, and cloud environments through API integrations and proprietary Pipeline Bill of Materials (PBOM) tracking
Vulnerability Prioritization Engine
Context-based threat prioritization that assesses vulnerability exploitability, reachability, business impact, and risk normalization to identify critical issues requiring immediate attention
Automated Remediation Workflows
No-code workflow automation that automatically blocks vulnerabilities, risky code, and configuration changes while enabling pull request and ticket creation from a unified console
Real-time Security Scanning
Real-time monitoring and scanning across the software development lifecycle from code to cloud with build integrity verification and production application security from inception to release
Unified Application Security Platform
Consolidated platform integrating application security posture management, application security testing, and supply chain security across the complete software development lifecycle
Code Security Analysis
Integrated code security with Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) security with runtime application behavior monitoring to identify active, exploitable vulnerable packages.
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) with attack path analysis visualization and compliance validation against CIS Benchmarks for AWS and AWS Foundational Security Best Practices.
Cloud Infrastructure Entitlement Management
Cloud Infrastructure Entitlement Management (CIEM) providing visibility into AWS IAM users, groups, roles, policies, entitlements, and EC2 instances with automatic identity discovery and net-effective permissions assessment.
Behavioral Analytics and Anomaly Detection
Continuous monitoring of AWS workloads for unusual behaviors through comparison of past and present states using patented analytics with over 100 patents to detect anomalies and compromises.
Composite Alert Correlation
Automatic correlation of multiple alerts into single, high-confidence composite alerts using behavioral analytics, anomaly detection, in-house threat intelligence, AWS CloudTrail and GuardDuty data to identify active attacks including compromised credentials, ransomware, and cryptojacking.
Standard contract
No
No
No
Customer reviews
Nitesh A.
Automated Checkmarx Scans Keep Us Ahead of Key Vulnerabilities
Reviewed on Jun 20, 2026
Review provided by G2
What do you like best about the product?
we use checkmark to scan Salesforce code base in GitHub. we have automated the checkmarx run of scans so we are aware of key vulnerabilities so we can fix them before time. The scans are showing good results, export options are good. overall a good product
What do you dislike about the product?
What we found was the scan results derived from repo scan using Salesforce Security portal scans are different from the results of checkmark scans.
What problems is the product solving and how is that benefiting you?
Checkmarx helps us to automate repo scans, provides good insights into vulnerabilities or major issues in code and segregates them in terms of severity. It also provides option to upload results as false positive So these do not get reported again n again. The exports are good to submit for security review. The UI design is good and intuitive. We found the scans run pretty fast and hence better in performance. We good good response and support from checkmark team for any issues or new features. Overall good experience.
Aman M.
Centralized Source Code Security with Seamless CI/CD Integration
Reviewed on Jun 19, 2026
Review provided by G2
What do you like best about the product?
Checkmarx is a centralized security tool that provides end-to-end insights into source code security and vulnerabilities. It also helps improve the efficiency of the source code by highlighting the associated risks and suggesting ways to remediate the vulnerabilities. In addition, it shows vulnerabilities in the open-source libraries and packages we use in our source code through SCA scans.
One thing I like the most is how well it integrates with our CI/CD tooling. We can plug it into our DevSecOps CI/CD flow, and developers can see scan insights directly from the pipeline itself, without needing to log in to the Checkmarx UI separately.
One thing I like the most is how well it integrates with our CI/CD tooling. We can plug it into our DevSecOps CI/CD flow, and developers can see scan insights directly from the pipeline itself, without needing to log in to the Checkmarx UI separately.
What do you dislike about the product?
It should better cope with modern software development lifecycles and provide end-to-end support for scanning any valid file extensions. For example, we are migrating from Node JS to TypeScript, and as part of that change we updated our .js files to use the .mjs extension. However, Checkmarx still does not support scanning .mjs files. We reported this issue to them about a year ago, but even now it remains unsupported. The current suggestion is to rename .mjs files to .js when uploading code for Checkmarx scans, which is not a practical workaround for us.
What problems is the product solving and how is that benefiting you?
End-to-end security scanning for source code, including SAST and SCA scanning. It also supports API security scanning, IaC file scanning, and secret detection. Seamless integration with native CI/CD tools makes it easy to integrate Checkmarx into DevSecOps pipelines.
This reduces the Source Codes attack surface and by that we have achieved over 70%-80% of improvement in overall Code Security and our feature releases is now bullet proof from Security attacks
This reduces the Source Codes attack surface and by that we have achieved over 70%-80% of improvement in overall Code Security and our feature releases is now bullet proof from Security attacks
Arya S.
Comprehensive Application Security with Checkmarx
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
I like Checkmarx because it provides comprehensive application security, with accurate vulnerability detection, risk-based prioritization, and clear remediation recommendations.
What do you dislike about the product?
One area that could be improved is the number of false positives generated during scans, as this can add extra time to validation and triage. In addition, scans may take longer when running against large codebases.
What problems is the product solving and how is that benefiting you?
Checkmarx helps us address the challenge of identifying security vulnerabilities early in the software development lifecycle, before they reach production. It scans source code, open-source dependencies, APIs, and other application components to detect security risks and provide remediation guidance. For us, this reduces the likelihood of security incidents, supports compliance efforts, reinforces secure development practices, and helps development teams fix vulnerabilities faster without significantly slowing delivery timelines.
Program Development
Seamless Developer Workflow Integration for Real-Time Vulnerability Fixes
Reviewed on May 31, 2026
Review provided by G2
What do you like best about the product?
Checkmarx integrates directly into the developer workflow. By providing plugins for popular IDEs, CI/CD pipelines, and source code management (SCM) platforms, it allows developers to catch and fix vulnerabilities in real time without context-switching
What do you dislike about the product?
Running the application can strain local servers, and I note that the system requires substantial RAM and processing power to perform efficiently.
What problems is the product solving and how is that benefiting you?
Checkmarx solves the critical problem of vulnerabilities slipping into production code, which directly benefits me by reducing security risks and saving development time.
Information Technology and Services
Proactive Security and Smooth Cross-Team Collaboration
Reviewed on May 30, 2026
Review provided by G2
What do you like best about the product?
Its proactive approach to security.. I like how it enables you to collaborate with other teams.
What do you dislike about the product?
the only concern I had initially was the complexity the platform has a steep learning curve. and the Cost
What problems is the product solving and how is that benefiting you?
Protects customers data, and lowered remediation cost.