Repositories list

• ast-github-action

  Public
  Checkmarx application security testing (AST) GitHub action

  securitygithub-actionscheckmarx+ 1checkmarx-ast

  Shell

  •

  Apache License 2.0

  •27•20•3•10•Updated Jun 20, 2025Jun 20, 2025

• ast-cli

  Public
  A CLI project wrapping application security testing (AST) APIs

  astcheckmarxcheckmarx-ast+ 1cli

  Go

  •

  Apache License 2.0

  •26•54•3•23•Updated Jun 20, 2025Jun 20, 2025

• ast-vscode-extension

  Public
  The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityvscode-extensioncheckmarx+ 1checkmarx-ast

  Hack

  •

  Apache License 2.0

  •8•15•6•32•Updated Jun 20, 2025Jun 20, 2025

• ast-teamcity-plugin

  Public
  The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

  securityteamcity-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •2•3•1•15•Updated Jun 20, 2025Jun 20, 2025

• homebrew-ast-cli

  Public
  Ruby

  •0•2•0•0•Updated Jun 20, 2025Jun 20, 2025

• ast-jetbrains-plugin

  Public
  The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

  securityjetbrains-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •3•3•0•19•Updated Jun 19, 2025Jun 19, 2025

• ast-visual-studio-extension

  Public
  The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

  securityvisual-studio-extensioncheckmarx+ 2visual-studio-2022checkmarx-ast

  C#

  •

  Apache License 2.0

  •6•2•1•12•Updated Jun 18, 2025Jun 18, 2025

• ci-cd-integrations

  Public
  If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

  circlecimavenbitbucket+ 6ci-cdsonarbamboo-plugincheckmarxsecurtiycheckmarx-ast

  Groovy

  •

  Apache License 2.0

  •19•9•0•2•Updated Jun 18, 2025Jun 18, 2025

• kics

  Public
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

  securityiacinfrastructure-as-code+ 9cloudnativeappsecvulnerability-detectionhacktoberfestvulnerability-scannerssecurity-toolsopen-policy-agent+ 2

  Open Policy Agent

  •

  Apache License 2.0

  •331•2.4k•136•96•Updated Jun 17, 2025Jun 17, 2025

• 2ms

  Public
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

  securitysecret-managementsecrets+ 3appsecsecret-keysapi-keys

  Go

  •

  Apache License 2.0

  •22•94•32•2•Updated Jun 17, 2025Jun 17, 2025

• secret-detection

  Public
  Go

  •0•1•0•4•Updated Jun 16, 2025Jun 16, 2025

• ast-azure-plugin

  Public
  The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

  securitysecurity-toolsazure-devops-extension+ 2checkmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •5•4•5•17•Updated Jun 16, 2025Jun 16, 2025

• vorpal-reviewdog-github-action

  Public
  Run Vorpal with reviewdog 🐶

  Shell

  •

  Apache License 2.0

  •0•3•0•0•Updated Jun 12, 2025Jun 12, 2025

• manifest-parser

  Public
  Go

  •0•0•0•0•Updated Jun 12, 2025Jun 12, 2025

• ast-eclipse-plugin

  Public
  The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityeclipse-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •12•4•0•2•Updated Jun 12, 2025Jun 12, 2025

• containers-resolver

  Public
  Go

  •0•0•0•0•Updated Jun 9, 2025Jun 9, 2025

• containers-images-extractor

  Public
  Go

  •0•0•0•1•Updated Jun 9, 2025Jun 9, 2025

• containers-syft-packages-extractor

  Public
  Go

  •0•0•0•1•Updated Jun 9, 2025Jun 9, 2025

• daniel-mcp-test

  Public
  Go

  •1•0•0•6•Updated Jun 8, 2025Jun 8, 2025

• kics-cdk-validator-plugin

  Public
  A KICS plugin for AWS CDK

  TypeScript

  •

  Apache License 2.0

  •3•7•1•5•Updated Jun 5, 2025Jun 5, 2025

• kics-github-action

  Public
  GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

  JavaScript

  •

  GNU General Public License v3.0

  •37•49•11•2•Updated Jun 4, 2025Jun 4, 2025

• Vulnerabilities-Proofs-of-Concept

  Public
  JavaScript

  •0•0•0•0•Updated Jun 4, 2025Jun 4, 2025

• gen-ai-prompts

  Public
  Remediate SAST results using AI

  Go

  •1•5•2•1•Updated May 11, 2025May 11, 2025

• sast-to-ast-export

  Public
  CLI tool to export data from CxSAST and import into AST CxOne

  securityapplicationast+ 1sast

  Go

  •

  Apache License 2.0

  •5•3•2•0•Updated May 8, 2025May 8, 2025

• containers-types

  Public
  Go

  •0•0•0•0•Updated Apr 16, 2025Apr 16, 2025

• Phoenix-WebGoat

  Public
  Project with vulnerabilities for plugins team tests

  Other

  •0•0•0•2•Updated Apr 15, 2025Apr 15, 2025

• plugins-release-workflow

  Public
  Automates the release workflow across all components, starting with the CLI, followed by the Wrappers, and concluding with the Plugins. This streamlined process ensures consistent and efficient deployment across the entire ecosystem.

  0•0•25•0•Updated Mar 30, 2025Mar 30, 2025

• Checkmarx-CVE-2025-30066-Detection-Tool

  Public
  Python

  •

  MIT License

  •0•1•0•0•Updated Mar 19, 2025Mar 19, 2025

• gen-ai-wrapper

  Public
  Go

  •

  Apache License 2.0

  •0•0•1•6•Updated Dec 30, 2024Dec 30, 2024

• ast-cli-maven-plugin

  Public
  A Maven plugin for using the AST CLI in Maven lifecycle phases

  Java

  •

  Apache License 2.0

  •0•0•0•9•Updated Dec 9, 2024Dec 9, 2024