Checkmarx is the only provider of a full platform to identify, analyze, intelligently prioritize, and remediate issues with software exposure in a DevOps environment. Checkmarx supports a combination of integrations for the automation required in a fast-paced development environment along with a variety of technologies to empower development and security to improve the overall security posture of an organization. Checkmarx Public Sector brings enterprise-grade application security testing to developers in Agile and DevOps environments supporting federal, state, and local missions.

To learn more, visit

Chart of Checkmarx's SDLC

Federal-Grade Application Security Testing
Checkmarx’s software security testing platform is unique in the public sector. No other federal-grade platform addresses core issues with a single easy-to-deploy-and-use solution.

Federal Compliance Mandates
Checkmarx's automated approach shifts more of your security effort to the left – driving down costs and accelerating time to market. Even better, it also simplifies your ability to document security compliance.

Our easy-to-follow test reports show where your application isn’t meeting a specific standard. Your post-fix report positively documents your compliance.

Integrate Security Testing
Checkmarx's platform has two key features that make it easier for agencies and contractors of all sizes to achieve the benefits of DevOps:

  • Scan Your Source Code: Our solution lets you automatically test code at the earliest possible development point, so you can find and fix security issues, and avoid unnecessary development efforts.
  • Save Precious Remediation Time: Our "Best Fix Location" feature shows you how to solve issues with the fewest changes, so you can reduce the number of test cycles required to get your code compliant.
    The result is a faster path to DevOps, with just a few changes to your test process.

Train Developers to Code Securely
Codebashing helps developers learn and sharpen application security skills in the most efficient way because it is in-context and available on-demand. Codebashing is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.

Checkmarx, the Software Exposure Platform for the Enterprise


Contract Name Contract Number Sector State
CIO-CS HHSN316201500012W Federal
Department of Defense Checkmarx ITAM ESI N66001-19-A-0045 Federal
GSA Multiple Award Schedules GS-35F-267DA Federal, State
National Cooperative Purchasing Alliance (NCPA) - Systems and Information Management Software 01-74 / 01-81 / 01-87 State Texas
SEWP V Group A: NNG15SC07B; Group D: NNG15SC98B Federal
State of California Multiple Award Schedule (CMAS) 3-16-70-1047B State California
State of New Mexico Multi-Vendor IDIQ 60-000-16-00075 State New Mexico
State of Ohio Multi-Vendor IDIQ 534042 State Ohio
TIPS 180503 State Texas