Skip to content
@Checkmarx

Checkmarx

Pinned Loading

  1. kics Public

    Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

    Open Policy Agent 2.3k 322

  2. 2ms Public

    Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

    Go 90 21

  3. capital Public

    A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

    CSS 285 78

  4. ci-cd-integrations Public

    If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

    Groovy 9 17

Repositories

Showing 10 of 54 repositories
  • ast-vscode-extension Public

    The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

    Hack 14 Apache-2.0 6 2 18 Updated Apr 1, 2025
  • ast-cli Public

    A CLI project wrapping application security testing (AST) APIs

    Go 47 Apache-2.0 25 4 14 Updated Apr 1, 2025
  • containers-resolver Public
    Go 0 0 0 1 Updated Apr 1, 2025
  • kics Public

    Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

    Open Policy Agent 2,259 Apache-2.0 322 131 89 Updated Apr 1, 2025
  • ast-eclipse-plugin Public

    The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

    Java 4 Apache-2.0 11 0 2 Updated Mar 30, 2025
  • plugins-release-workflow Public

    Automates the release workflow across all components, starting with the CLI, followed by the Wrappers, and concluding with the Plugins. This streamlined process ensures consistent and efficient deployment across the entire ecosystem.

    0 0 25 0 Updated Mar 30, 2025
  • ast-azure-plugin Public

    The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

    TypeScript 4 Apache-2.0 5 5 15 Updated Mar 30, 2025
  • ast-teamcity-plugin Public

    The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

    Java 3 Apache-2.0 2 1 9 Updated Mar 30, 2025
  • secret-detection Public
    Go 0 0 0 1 Updated Mar 27, 2025
  • 2ms Public

    Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

    Go 90 Apache-2.0 21 32 (2 issues need help) 3 Updated Mar 27, 2025
View all repositories