Master Checkmarx One with our step-by-step tutorial, detailed feature walkthrough, and expert tips.
Explore the key features that make Checkmarx One powerful for application security workflows.
Checkmarx One Assist is the AI-powered layer of the Checkmarx One platform. It uses generative AI to explain vulnerabilities in plain language, trace the code paths that introduced them, and suggest contextual remediation code that developers can review and apply directly inside their IDE or pull request workflow.
The platform consolidates SAST (static analysis), SCA (open-source dependency and license analysis), IaC security (Terraform, Kubernetes, CloudFormation), API security, container image scanning, supply chain security, and DAST. All engines share a unified findings model, dashboards, and policy engine.
Checkmarx One is sold exclusively through enterprise contracts. Pricing is not published publicly and is typically based on the number of contributing developers, the scanning engines enabled, scan volume, and contract length. Prospective customers must engage with Checkmarx sales for a quote.
Yes. It integrates with GitHub, GitLab, Bitbucket, and Azure Repos for source control, with Jenkins, GitHub Actions, Azure DevOps, CircleCI, and other CI systems for pipeline scanning, with VS Code, IntelliJ, Eclipse, and Visual Studio for in-IDE feedback, and with Jira, ServiceNow, and Microsoft Teams for ticketing and notifications.
Yes. Checkmarx has invested in capabilities to scan code produced by AI assistants like GitHub Copilot and to govern the use of AI coding tools, flagging insecure patterns, license risks in suggested snippets, and other issues that can arise when developers heavily rely on generative AI.
Now that you know how to use Checkmarx One, it's time to put this knowledge into practice.
Sign up and follow the tutorial steps
Check pros, cons, and user feedback
See how it stacks against alternatives
Follow our tutorial and master this powerful application security tool in minutes.
Tutorial updated March 2026