Checkmarx is organized as the Checkmarx One platform with four AppSec sub-pillars. Agentic AI covers Developer Assist and Triage and Remediation. Code covers SAST, DAST, and API Security. Supply Chain covers AI Supply Chain Security, SCA, Malicious Package Protection, Repository Health, and Software Supply Chain Security. Cloud covers Container Security and IaC Security. Merito sells every product in the platform and delivers the implementation, integration, and ongoing run.
Checkmarx portfolio
Checkmarx, sold and delivered by Merito.
Specialist AppSec coverage from agentic AI workflows through code scanning, supply-chain governance, and cloud-native security. Merito sells the licenses and delivers the AppSec program.
Why Merito for Checkmarx
Checkmarx One pricing meets the AppSec program design in one Merito conversation.
Checkmarx is a specialist AppSec vendor with depth across the modern application security stack. The Agentic AI pillar (Developer Assist, Triage and Remediation) brings AI directly into the developer workflow and triage queue. The Code pillar (SAST, DAST, API Security) covers the foundational code-scanning surface. The Supply Chain pillar (AI Supply Chain Security, SCA, Malicious Package Protection, Repository Health, Software Supply Chain Security) covers the open-source and software-supply-chain surface that has become the dominant AppSec risk vector. The Cloud pillar (Container Security, IaC Security) covers cloud-native and infrastructure-as-code scanning.
Merito sells the Checkmarx license and delivers the AppSec program around it: tool deployment, policy tuning, developer enablement, CI/CD integration, triage workflow design, and ongoing run support. AppSec maturity assessment via MAPS scopes the program before implementation begins.
The Checkmarx toolchain
The Checkmarx One platform, grouped by AppSec sub-pillar
Agentic AI
AI inside the developer workflow and the security triage queue. Reduces remediation cycles and false-positive review time.
Agentic AI
Developer Assist
AI agent embedded in the developer workflow that surfaces security guidance, fix suggestions, and contextual code review during development.
See product pageAgentic AI
Triage and Remediation
AI agent for the security triage queue that clusters findings, suggests remediation paths, and reduces false-positive review burden.
See product pageCode
Foundational code-scanning across source, running applications, and APIs. The minimum AppSec surface.
Code
SAST
Checkmarx Static Application Security Testing for source-code analysis across the languages and frameworks enterprise codebases actually run.
See product pageCode
DAST
Checkmarx Dynamic Application Security Testing for running-application security across web and mobile surfaces.
See product pageCode
API Security
API security testing for OpenAPI, REST, and GraphQL surfaces with discovery and runtime risk scoring.
See product pageSupply Chain
Open-source and software-supply-chain governance covering dependency risk, malicious packages, repository health, and AI-specific supply chain risks.
Supply Chain
AI Supply Chain Security
AI-model and AI-component supply chain risk scanning for ML libraries, model dependencies, and AI infrastructure.
See product pageSupply Chain
SCA
Software Composition Analysis for open-source dependency risk, license compliance, and known-vulnerability tracking.
See product pageSupply Chain
Malicious Package Protection
Active blocking of malicious packages in the open-source ecosystem before they reach the build.
See product pageSupply Chain
Repository Health
Repository hygiene and health scoring for open-source projects in active dependency use.
See product pageSupply Chain
Software Supply Chain Security
End-to-end supply-chain security covering build provenance, signing, attestation, and SBOM governance.
See product pageCloud
Cloud-native scanning for container images and infrastructure-as-code templates.
Merito services
Merito services across the Checkmarx portfolio
01
Implementation
Checkmarx One platform deployment, scanner configuration, policy tuning, and developer enablement.
02MAPS Assessment
Security-program assessment for Checkmarx customers consolidating SAST, DAST, SCA, and supply-chain governance.
03DevOps Consulting
Checkmarx integrated into CI/CD pipelines with developer-friendly findings management and PR-level scanning.
04CRAFT Enablement
AppSec test enablement and developer-centric scanning patterns, including AI-augmented triage adoption.
05Premium Support
Named engineer, priority SLAs, and release-time coverage for Checkmarx programs Merito implements.
06Managed Services
Long-term run support for Checkmarx scanning pipelines, triage operations, and supply-chain governance programs.
07Training and Enablement
Role-based training for AppSec engineers, developer advocates, and SecOps using Checkmarx output.
08Staff Augmentation
Merito-placed AppSec engineers and Checkmarx specialists embedded on long-running programs.
Checkmarx licensing
Buy Checkmarx from the partner that also delivers the AppSec program.
Specialist AppSec coverage. One Merito-delivered program. Buy the licenses from Merito and get the rollout, the integration, and the run together.
Related solutions
Where Checkmarx connects to the rest of the Merito program
Application Security
Merito's broader AppSec program including Checkmarx, OpenText Application Security, Snyk, Sonatype, Black Duck, and Semgrep.
Read moreDevOps Toolchain
AppSec gates inside CI/CD with Checkmarx as the foundational scanning surface and developer-friendly findings management.
Read moreSoftware Delivery Acceleration
AI-augmented AppSec reducing remediation cycle time without slowing release cadence.
Read moreFrequently Asked Questions
Checkmarx FAQs
Consultation request
Talk to Merito about Checkmarx
Share the AppSec program you are running. A Merito Checkmarx specialist follows up within one business day with a recommendation.
Full Checkmarx catalog
Licenses and delivery under one statement of work
Merito sells every Checkmarx product and delivers implementation, integration, tuning, and ongoing support.
MAPS-driven scoping
AppSec program scoping by Merito
MAPS Assessment sizes the AppSec program before Checkmarx implementation begins, including coverage, coverage gaps, and developer enablement scope.
Next step
Pick the Checkmarx product that fits your gap. Merito delivers the program.
A Merito Checkmarx conversation starts with the program decision and code, supply chain, cloud, or AI-augmented triage. We recommend the product that actually fits.