Checkmarx One – Supply Chain Security

Repository Health

Q: How often should repositories be scanned for health checks?

Frequent scans on a regular basis (weekly or monthly) are recommended to continuously monitor repositories for emerging risks. In addition, it is considered a best practice to re-scan a repository any time it is updated, preferably through SCM integration and automation.

Improve your security posture with full visibility into the security, dependency management, and maintenance health of the code repositories used in your applications.

Get a Demo → Explore the Features

Checkmarx Repository Health Tool Feature Highlights

Reduce Risk by Monitoring the Health of Your Code Repositories

Without repo health monitoring, repositories are at risk of unauthorized code changes, dangerous or low-quality code, regulatory non-compliance, and other security threats.

Continuous Repo Health Tracking

Monitor the health of all repositories included in your applications based on factors such as security practices, testing practices, dependency management, CI/CD practices, and project maintenance.

Seen Repository Monitoring in a Demo

Advanced Repository Scan Triggering

Automatic SCM-Triggered Scans

Integration with SCM platforms enables scans to run automatically upon repository updates, ensuring up-to-date repo health assessments with no manual effort.

See Advanced Triggers in a Demo

Flexible On-Demand Scanning Options

In addition to automatic SCM-triggered scans, developers and security teams can manually run repo health scans at any time via API, CLI, or the Checkmarx One UI.

See On-Demand Scanning in Action

Integrated Surity Posture View

Unified Risk Reporting

Repository health evaluations are included in Checkmarx One reports, providing visibility into – and efficient prioritization of – security vulnerabilities, code quality issues, and repository health risks, all in one place.

See the Unified Security in a Demo

Repository Health Monitoring Tool for The AI Era

Secure Your Software With Repository Health Checks

Learn how you can use repository health scoring to improve your application security posture.

Request a Demo →

Repository Health Monitoring

How Enterprises Benefit From Repository Health Monitoring

Continuously tracking repository health helps minimize the threat exposure of vulnerable code repos, leading to improved security and enhanced transparency with stakeholders.

Maximum Software Supply Chain Security

Ongoing comprehensive visibility into the security health of all code repositories closes a critical gap in software supply chain security – ensuring every component of your build pipeline meets your security standards.

Holistic & Efficient Risk Prioritization

Identifying and prioritizing high-risk areas across all aspects of the software supply chain allows developers and security teams to focus their efforts on the most critical security issues first – not just the loudest.

Enhanced Transparency & Communication

Unified assessments of the security posture of code repositories improves transparency, communication, and collaboration among security teams, developers, and business stakeholders – with one shared source of truth.

See it in Action →

Customer Stories

Why the World’s Top Teams Choose Checkmarx

“We’ve seen an 80% noise reduction — our engineers now focus on the high-quality risks that matter.”

Explore Best Buy Case Study

“By far the best AppSec tooling decision we have made”

“Checkmarx gave us a 90% reduction in vulnerabilities in just a few months.”

“Unifying our AppSec tools with Checkmarx gave us a single source of truth.”

“With 2.1B lines of code scanned monthly, Checkmarx gives us the scale and speed we need.”

“Checkmarx fits seamlessly into our DevOps pipelines—it’s a truly scalable solution.”

“From a buyer perspective, Checkmarx’s approach offers a structured and role-aware entry point into agentic security. ”

“Incorporating Checkmarx’s technology has revolutionized our development culture ”

“Checkmarx One made our security team and developers life easier.”

“The success of our AppSec program can be directly attributed to the tooling, processes and support provided by the Checkmarx managed services.”

“Bringing ASPM context directly into the IDE reflects a forward-looking approach to prioritizing security efforts based on risk earlier in the development process.”

Checkmarx Repo Health Monitoring Tool

Frequently Asked Questions

Why is automated repository health monitoring important?

Modern code repositories store application source code, CI/CD configurations, IaC files and other sensitive data. Software supply chain attacks are rising steeply; poorly managed internal code repos are a weak point in an organization’s software supply chain security posture. Because large enterprises typically maintain thousands of repos, it is impossible to manually track how well each of them is configured, maintained, and secured. An automated solution is needed to continuously determine the security and code-quality health of internal code repos.

How often should repositories be scanned for health checks?

What assessments are made to determine repository health?

Checkmarx’ Repository Health helps you maximize the security posture of your applications by automatically and continuously tracking the security and quality practices applied to your code repositories. Each repo is evaluated on its security policies and best practices, including:

Code review before merge

Branch protection

Pinned dependencies

Dependencies actively maintained

Presence of executable (binary) artifacts

Fuzzing required

Presence of a detailed security policy

CI pipeline tests

Dangerous GitHub Action workflows

Signed releases

Secure packaging

What actions should be taken if a repository is deemed risky?

OSSF Scorecard is an open-source project created by the Open-Source Security Foundation (OpenSSF) that assesses code repositories for security risks through a series of automated checks. Checkmarx One incorporates the results of OSSF Scorecard evaluations in its reports so that developers and security teams can improve their visibility into security vulnerabilities, code quality issues, repository maintenance standards, and other repository health risks.

What is OSSF Scorecard?

See it in action

Discover Checkmarx Repository Health

Learn how automatic repository health tracking strengthens your software supply chain security.

Thank You!

Your Custom Demo Request is successfully sent. A member of Checkmarx Team would contact you shortly to set up your custom demo.

Personalized Demo

Continuously Score & Improve Repository Health

Continuous repo scoring:

Track code quality, dependency hygiene, CI/CD practices & maintenance at scale.

Always current:

Automatic SCM‑triggered scans + on‑demand via API/CLI/UI.

Unify risk reporting:

See repo‑health insights alongside AppSec findings to prioritize efficiently.

Part of One platform:

Consolidate IaC with SAST/SCA/Secrets for a single source of truth.

Policy guardrails:

Use insights to gate merges and reduce blast radius.

Get Started

Get Started With
Checkmarx Repository Health Monitoring Today

Join the leading enterprises that include Checkmarx IaC Secirity in their application security toolkit for holistic application security.

Talk to Experts → Explore Checkmarx One

Gartner Magic Quadrant Leader

Forrester Wave Leader

SOC 2 Type II Certified

Repository Health