Friday, July 26, 2024

Checkmarx Expands Auto-Remediation with New Mobb Integration for SAST

Integration speeds remediation by 99% while preserving optimized developer workflows

Checkmarx, the industry leader in cloud-native application security for the enterprise, announced today an integration with Mobb, the trusted automated vulnerability fixer, to streamline application security testing and remediation within familiar developer workflows. Checkmarx customers can now deploy Mobb’s auto-remediation solution for vulnerabilities identified during scans with Checkmarx SAST. This new capability represents an expansion of Checkmarx’ auto-remediation offerings for SCA (software composition analysis) and IaC (infrastructure-as-code) Security.

The Mobb integration with Checkmarx significantly reduces time-to-remediation from nearly five hours to five minutes, on average, simplifying the process in two primary ways:

  • Checkmarx’ industry-leading SAST solution is highly tuned for accuracy and prioritizes findings to minimize the noise that enters the development workflow. Developers can trust that alerts are genuinely exploitable problems and be guided to fix the most critical vulnerabilities first.
  • Mobb’s AI engine leverages heuristics to perform auto-remediation of vulnerabilities identified by Checkmarx in just a few clicks. Developers are freed from reviewing scan reports to search for fixes and fix locations, allowing them to focus on innovation.

“Mobb and Checkmarx share a vision of the vital nature of application security at a time when code drives every aspect of the enterprise and AI is disrupting everything,” said Ori Bendet, VP of Product Management at Checkmarx. “This first integration from our partnership with Mobb not only speeds time-to-delivery of new applications, but helps build trust between AppSec leaders and developers, resulting in reduced risk and maximizing return on investment.”

“This new partnership empowers companies to take their DevSecOps program to the next level of automation and speed,” said Eitan Worcel, CEO at Mobb. “Running Checkmarx and Mobb in the pipeline completely changes the narrative of security tools from being the delaying factor to one that provides a productivity and efficiency boost, allowing companies to do more with less.”

Mobb reduces time-to-remediation by 99% on average. With this new integration, workflows are simplified and, when integrated within the SDLC, typically resemble the following:

  • A developer commits code changes to the organization’s code hosting platform.
  • A Checkmarx SAST scan is automatically initiated in the appropriate phase of the SDLC.
  • Mobb analyzes the reported vulnerabilities and the developer’s source code for essential contextual information on how the error was created.
  • Mobb then incorporates the additional context and proposes a fix, presenting it side-by-side with the vulnerable code.
  • The developer approves and commits the fix.
  • Checkmarx then scans to verify that the fix is effective.

Key features of the integration include the ability to scan with Checkmarx through Mobb CLI and the ability of users to retrieve their applications managed in Checkmarx One directly into Mobb without having to import or configure each individually.
