Repositories list

• 2ms

  Public

  Checkmarx/2ms’s past year of commit activity
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

  securitysecret-managementsecrets+ 3appsecsecret-keysapi-keys

  Go

  •

  Apache License 2.0

  •31•146•10•5•Updated Mar 2, 2026Mar 2, 2026

• kics

  Public

  Checkmarx/kics’s past year of commit activity
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS b…

  golangsecurityiac+ 9infrastructure-as-codecloudnativeappsecvulnerability-detectionhacktoberfestvulnerability-scannerssecurity-tools+ 2

  Open Policy Agent

  •

  Apache License 2.0

  •360•2.6k•144•126•Updated Mar 2, 2026Mar 2, 2026

• ast-cli

  Public

  Checkmarx/ast-cli’s past year of commit activity
  A CLI project wrapping application security testing (AST) APIs

  cliastcheckmarx+ 1checkmarx-ast

  Go

  •

  Apache License 2.0

  •28•59•3•22•Updated Mar 2, 2026Mar 2, 2026

• containers-resolver

  Public
  Go

  •1•1•0•1•Updated Mar 2, 2026Mar 2, 2026

• containers-syft-packages-extractor

  Public

  Checkmarx/containers-syft-packages-extractor’s past year of commit activity
  Go

  •1•0•0•4•Updated Mar 2, 2026Mar 2, 2026

• ast-jetbrains-plugin

  Public

  Checkmarx/ast-jetbrains-plugin’s past year of commit activity
  The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

  securityjetbrains-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •3•3•0•4•Updated Mar 2, 2026Mar 2, 2026

• ast-vscode-extension

  Public

  Checkmarx/ast-vscode-extension’s past year of commit activity
  The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view…

  securityvscode-extensioncheckmarx+ 1checkmarx-ast

  TypeScript

  •

  Apache License 2.0

  •9•19•10•10•Updated Mar 2, 2026Mar 2, 2026

• ci-cd-integrations

  Public
  If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

  circlecimavenbitbucket+ 6ci-cdsonarbamboo-plugincheckmarxsecurtiycheckmarx-ast

  Groovy

  •

  Apache License 2.0

  •22•13•0•2•Updated Mar 2, 2026Mar 2, 2026

• ast-visual-studio-extension

  Public

  Checkmarx/ast-visual-studio-extension’s past year of commit activity
  The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

  securityvisual-studio-extensioncheckmarx+ 2visual-studio-2022checkmarx-ast

  C#

  •

  Apache License 2.0

  •6•2•3•12•Updated Mar 2, 2026Mar 2, 2026

• ast-teamcity-plugin

  Public

  Checkmarx/ast-teamcity-plugin’s past year of commit activity
  The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

  securityteamcity-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •2•3•1•10•Updated Mar 2, 2026Mar 2, 2026

• ast-cli-javascript-wrapper-runtime-cli

  Public
  Java Script Wrapper that uses the CLI by runtime Download

  cli

  TypeScript

  •9•1•1•12•Updated Mar 2, 2026Mar 2, 2026

• ast-azure-plugin

  Public
  The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

  securitysecurity-toolsazure-devops-extension+ 2checkmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •5•7•7•20•Updated Mar 2, 2026Mar 2, 2026

• ast-eclipse-plugin

  Public
  The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your s…

  securityeclipse-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •12•4•2•3•Updated Mar 2, 2026Mar 2, 2026

• ast-cli-javascript-wrapper

  Public
  cli

  TypeScript

  •0•1•0•10•Updated Mar 2, 2026Mar 2, 2026

• ast-cli-java-wrapper

  Public
  Java SDK to access AST

  cli

  Java

  •

  Apache License 2.0

  •1•1•1•15•Updated Mar 1, 2026Mar 1, 2026

• ast-github-action

  Public

  Checkmarx/ast-github-action’s past year of commit activity
  Checkmarx application security testing (AST) GitHub action

  securitygithub-actionscheckmarx+ 1checkmarx-ast

  Shell

  •

  Apache License 2.0

  •36•26•8•0•Updated Mar 1, 2026Mar 1, 2026

• homebrew-ast-cli

  Public
  Ruby

  •0•2•1•0•Updated Mar 1, 2026Mar 1, 2026

• plugins-release-workflow

  Public
  Automates the release workflow across all components, starting with the CLI, followed by the Wrappers, and concluding with the Plugins. This streamlined process…

  0•0•25•0•Updated Mar 1, 2026Mar 1, 2026

• sast-to-ast-export

  Public
  CLI tool to export data from CxSAST and import into AST CxOne

  securityapplicationast+ 1sast

  Go

  •

  Apache License 2.0

  •6•5•3•0•Updated Feb 19, 2026Feb 19, 2026

• containers-types

  Public
  Go

  •0•0•0•1•Updated Feb 16, 2026Feb 16, 2026

• containers-images-extractor

  Public

  Checkmarx/containers-images-extractor’s past year of commit activity
  Go

  •0•0•0•3•Updated Feb 16, 2026Feb 16, 2026

• gen-ai-wrapper

  Public
  Go

  •

  Apache License 2.0

  •0•0•1•6•Updated Jan 20, 2026Jan 20, 2026

• kics-cdk-validator-plugin

  Public
  A KICS plugin for AWS CDK

  TypeScript

  •

  Apache License 2.0

  •3•8•1•5•Updated Jan 8, 2026Jan 8, 2026

• kics-github-action

  Public

  Checkmarx/kics-github-action’s past year of commit activity
  GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

  JavaScript

  •

  GNU General Public License v3.0

  •38•52•14•4•Updated Jan 7, 2026Jan 7, 2026

• sspi

  Public

  Checkmarx/sspi’s past year of commit activity
  Go

  •

  BSD 3-Clause "New" or "Revised" License

  •0•0•0•0•Updated Dec 29, 2025Dec 29, 2025

• secret-detection

  Public

  Checkmarx/secret-detection’s past year of commit activity
  Go

  •0•1•0•4•Updated Oct 16, 2025Oct 16, 2025

• Vulnerabilities-Proofs-of-Concept

  Public
  JavaScript

  •0•1•0•0•Updated Sep 8, 2025Sep 8, 2025

• ast-cli-maven-plugin

  Public
  A Maven plugin for using the AST CLI in Maven lifecycle phases

  Java

  •

  Apache License 2.0

  •0•0•0•10•Updated Aug 24, 2025Aug 24, 2025

• manifest-parser

  Public

  Checkmarx/manifest-parser’s past year of commit activity
  Go

  •0•0•0•0•Updated Aug 20, 2025Aug 20, 2025

• capital

  Public

  Checkmarx/capital’s past year of commit activity
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities w…

  ctfvulnerable-web-appapisecurity

  CSS

  •

  GNU Affero General Public License v3.0

  •86•325•4•13•Updated Aug 13, 2025Aug 13, 2025