Checkmarx is a Leader in the 2021 Gartner Magic Quadrant for Application Security Testing

Public Sector

Checkmarx Public Sector brings enterprise-grade
application security testing to developers in Agile and
DevOps environments supporting federal, state, and
local missions.

Source Code Scanning Tools

FirstNet expects that “certified public safety apps” listed on the App Catalog have gone through rigorous quality controls. Developers must demonstrate they have taken the proper steps to ensure application security using the Checkmarx platform.

Accelerate Your Delivery of Secure Software

Our integrated platform allows developers to identify and resolve security issues at the
earliest possible point in the development process.

Public Sector Agency Solutions

  • Meet compliance requirements for FISMA, NIST, STIG and others
  • Decrease time to ATO and improving POA&M efficiency
  • Integrate security testing into DevOps, Agile and CI/CD environments
  • Train developers to code securely
  • Checkmarx has a Certificate of Networthiness (CoN) from the U.S. Army, ID 38392

Federal-Grade Application Security Testing

Checkmarx’s software security testing platform is unique in the public sector. No other federal-grade platform addresses core issues with a single easy-to-deploy-and-use solution.

Federal Compliance Mandates

Checkmarx’s automated approach shifts more of your security effort to the left – driving down costs and accelerating time to market. Even better, it also simplifies your ability to document security compliance.

Our easy-to-follow test reports show where your application isn’t meeting a specific standard. Your post-fix report positively documents your compliance. And these reports support all three of these key standards:

Federal Information Security Management Act (FISMA)

NIST 800.53 and the Risk Management Framework (RMF), which are used by all federal agencies and their contractors

DISA’s Security Technical Implementation Guideline (STIG), which establishes the assessment criteria used by DoD organizations before issuing an ATO

Integrate Security Testing

Checkmarx’s platform has two key features that make it easier for agencies and
contractors of all sizes to achieve the benefits of DevOps:

The result is a faster path to DevOps, with just a few changes to your test process.

Train Developers to Code Securely

Codebashing helps developers learn and sharpen application security skills in the most efficient way, because it is in-context and available on-demand. Codebashing is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.

A Leader in the Gartner Magic Quadrant for AST 2020

Gartner released the 2020 Magic Quadrant for Application Security Testing, an annual market report which analyzes vendors’ Application Security Testing capabilities. We’re excited to share that Checkmarx has been recognized at the highest level – as a Leader – based on the comprehensiveness of our vision and our ability to execute in the market.

Gartner 2020 Magic Quadrant for Application Security Testing


Checkmarx’s approach is specifically designed to accelerate your time to ATO. Features like our Best Fix Location speeds the POA&M process, so you can keep your promises to program stakeholders and document every step in your compliance.


Checkmarx’s platform is available on the IT-security GWACs that most federal pros use and prefer:

US General Services Administration (GSA)
Information Technology (IT) Schedule 70

IT Schedule 70 is the U.S. government’s largest IT procurement vehicle, with more than 7.5 million products and services from over 4,600 pre-vetted vendors. Federal, state, and local agencies can use IT Schedule 70 to shorten procurement cycles by up to 50 percent, ensure FAR compliance, and obtain best value.

NASA Solutions for Enterprise-Wide Procurement (SEWP) V

SEWP offers federal agencies and contractors access to more than 140 pre-competed Prime Contract Holders. SEWP stands out for combining low prices with low surcharges, faster ordering, and continuous tracking. High-level decision makers also get direct access to their agency’s acquisition data, helping support strategic procurement oversight and control.

DoD Joint Service Provider (JSP) Approved Product List (APL)

JSP handles IT procurement for the Office of the Secretary of Defense (OSD), Office of the Deputy Chief Management Officer, and the Washington Headquarters (WHS). The APL is DoD’s official list of equipment that’s permissible to field inside DoD networks, and a requirement for getting an Authorization to Connect (ATC).

Solution Overview

Solution Overview

Download our Solution Overview to discover how Checkmarx has a solution for your application security needs.

Download Solution Overview

Federal News Radio: Why application security should be a priority

Listen to the Podcast

The Public Sector Digital Transformation and Secure Software

Watch the Webinar
Analyst Report

Gartner 2020 Magic Quadrant for Application Security Testing

Get the Report