GitLab

INTEGRATION TO STREAMLINE USERS’ DEVSECOPS WORKFLOWS

Checkmarx directly integrates CxSAST and CxSCA with GitLab, providing both open source and custom code application security throughout the entire GitLab CI/CD pipeline. Driven by Checkmarx orchestration and automation module, GitLab users can streamline development and security workflows by eliminating time-consuming manual scans as well as finding and fixing vulnerabilities earlier in the SDLC and dev pipeline. The Cx + GitLab integration allows development, security, operations, QA, and product teams to work concurrently in all stages of the DevOps process. With Checkmarx you can just configure the integration, and then automatically scan, review orchestrated results, and remediate bugs, all in the GitLab UI.

DEVSECOPS WORKFLOWS, gitlab, sast, sca, open source, custom code

Automated Scan Initiation & Project Creation

Configure Checkmarx into GitLab’s CI/CD pipeline to trigger Checkmarx scans automatically as part of the merge request stage or during pushes to specific branches.

Simplified Results Management

Automatically import scan results into GitLab Issues, GitLab Merge Requests Overviews, and the GitLab Security Dashboard. As a result, developers can consume and act upon defects more easily, while AppSec engineers and DevOps managers can track vulnerabilities more effectively and efficiently over time.

Streamlined Defect Tracking

Through Checkmarx results feedback loop, the need for manual intervention when opening and closing GitLab Issues is eliminated. Leverage policy-based tracking (e.g. vulnerability severity, CWE, type, or state) to conveniently consolidate similar issues into one GitLab Issue. Once all references to the vulnerability type are fixed, tickets are automatically closed.

HOW TO BUY