Checkmarx

Activate and scale your Checkmarx application security capabilities, including SAST, SCA, IaC scanning, and pipeline integrations, so your teams can find and fix code risk faster across all SDLC workflows.

Quick Benefits

Secure Workflows: Enable secure coding for developers, DevOps, and AppSec teams.
Flexible Coverage: Choose the exact edition you need for SAST, open-source risk, and cloud/IaC coverage.
Tailored Usage: Align your licensing to your specific environment (apps, repositories, developers, pipelines).
Expert Guidance: Get help with sizing, activation, and renewal planning.

Checkmarx At a Glance

What it does: Unlocks the Checkmarx AppSec platform capabilities across custom code, open-source dependencies, and infrastructure-as-code (IaC), plus deep integrations into CI/CD tools.
Who needs it: Organizations building software that require consistent application security coverage across repositories, teams, and pipelines.
License Type: Enterprise subscription entitlement.
Typical Terms: 1, 3, or 5 years.
Activation: Entitlement/tenant-based activation (cloud) or administrative console license activation (on-prem).

License Overview

A Checkmarx license activates your application security capabilities and defines how your organization uses the platform across projects, teams, and development workflows.

Modules & Metrics

Your entitlement determines which modules are enabled. This might include Static Application Security Testing (SAST) for custom code analysis, Software Composition Analysis (SCA) for open-source dependency risk, or coverage for infrastructure-as-code and containers. The license also governs how we measure your usage, typically based on the number of applications, projects, repositories, developers, scan volume, or CI/CD integration scope.

Terms & Activation

Licensing is delivered via a 1-, 3-, or 5-year subscription. Maintaining an active term ensures you receive continuous updates for new vulnerabilities, rules, and secure coding patterns. Cloud deployments generally provision a tenant with your assigned entitlements, while on-prem deployments use an administrative activation workflow to enable modules.

Sizing Strategy

Because AppSec programs vary drastically, from monorepos to multi-repo setups, and from centralized AppSec to developer-led security, you must align your entitlements to your actual SDLC requirements. Accurate sizing upfront prevents coverage gaps, avoids overspending, and keeps renewals predictable as your engineering teams scale.

Options & Tiers

Most buyers get stuck deciding which modules they actually need and what drives the pricing metric. Here is how it breaks down:

Plan / Edition	Best For	Key Inclusions	What Affects Price
SAST-Focused	Code-first AppSec	Code scanning, rules, remediation guidance	Apps/projects, dev teams, term
SCA / Open-Source	Dependency risk	OSS inventory, vulnerability & license risk	Repos, scan volume, term
Full AppSec Bundle	Broad coverage	SAST + SCA + IaC + CI/CD integrations	Scope/modules, users, term
Add-ons & Services	Faster rollout	Implementation, policy design, training	Scope & complexity

Features & Benefits

Static Code Scanning (SAST): Find vulnerabilities early in development before they hit production, driving true shift-left workflows.
Open-Source Risk Visibility (SCA): Identify vulnerable dependencies to manage third-party risk at scale and reduce supply-chain exposure.
CI/CD Integrations: Automate security checks directly inside your pipelines to enforce policies consistently and reduce manual review overhead.
Policy & Reporting: Standardize AppSec governance with dashboards and audit-ready outputs for compliance and security leadership.

Compatibility & Requirements

Git-based repositories and modern SDLC workflows.
CI/CD pipelines (Jenkins, GitLab CI, Azure DevOps, etc.).
Enterprise identity and access management (SSO/RBAC).

Quote Checklist

To get an accurate quote, please provide:

Number of applications, projects, or repositories to cover.
Required modules (SAST, SCA, IaC, etc.).
Number of teams/developers and expected scan frequency.
Deployment preference (cloud vs. on-prem).
Term preference (1, 3, or 5 years).

Activation Guide For Checkmarx

Confirm: Finalize your edition, modules, and scope.
Provision: Spin up your tenant (cloud) or enable your modules (on-prem).
Connect: Link your repositories and CI/CD integrations.
Configure: Set your policies, roles, and scan baselines.
Validate: Confirm reporting and policy enforcement are active.

Pricing Factors & Quoting

Checkmarx pricing depends directly on your coverage scope and required modules.

Cost Drivers

The biggest drivers are the specific capabilities you enable (code scanning, open-source risk, IaC, integrations) and the size of your environment (apps, projects, or repositories). The number of teams running pipeline or scheduled scans will also influence the cost.

Longer subscription terms (3 or 5 years) typically improve your annualized pricing. Finally, your deployment approach (cloud vs. on-prem) and any required implementation support, such as onboarding, policy tuning, or governance reporting, will shape the final quote. The most accurate pricing comes from quoting against your actual SDLC scope, ensuring your entitlement perfectly matches your rollout plan.

Search