Checkmarx, an industry leader in cloud-native application security for enterprise, has announced an integration with Mobb, the trusted automated vulnerability fixer.
According to the companies, this collaboration aims to streamline the application security testing and remediation process within developer workflows. The integration is expected to significantly reduce the time-to-remediation from approximately five hours to a mere five minutes.
Checkmarx's leading Static Application Security Testing (SAST) solution, renowned for its accuracy, minimises the 'noise' in the developer workflow, thereby optimising the testing process. "Developers can trust that alerts are genuinely exploitable problems and be guided to fix the most critical vulnerabilities first," the company says.
On the other hand, Mobb's AI engine utilises heuristics to perform auto-remediation of vulnerabilities identified by Checkmarx with just a few clicks. With this, developers are released from the need to review scan reports in search of fixes and fix locations, enabling them to focus on innovation.
According to Ori Bendet, VP of Product Management at Checkmarx, "Mobb and Checkmarx share a vision of the vital nature of application security at a time when code drives every aspect of the enterprise and AI is disrupting everything". He further added that this first integration from their partnership with Mobb not only accelerates the time-to-delivery of new applications, but also helps build trust between Application Security (AppSec) leaders and developers, thereby reducing risk and maximizing return on investment.
The chief executive officer at Mobb, Eitan Worcel, also shared his thoughts on the newly formed partnership. He noted that, "Running Checkmarx and Mobb in the pipeline completely changes the narrative of security tools from being the delaying factor to one that provides a productivity and efficiency boost, allowing companies to do more with less."
The integration facilitates a seamless and streamlined developer workflow which typically proceeds as follows: a developer commits code changes to the organisation’s code hosting platform, a Checkmarx SAST scan is automatically initiated, Mobb analyses the reported vulnerabilities and the developer’s source code, proposes a fix, presents it side-by-side with the vulnerable code. The developer then approves and commits the fix, and finally, Checkmarx verifies the effectiveness of the fix through a scan.
Key features of the new integration include the capacity to scan with Checkmarx through Mobb Command Line Interface (CLI), and the ability for users to retrieve their applications managed in Checkmarx One directly into Mobb without having to import or configure each of them individually.