SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Checkmarx named leader in Gartner supply chain quadrant

Thu, 25th Jun 2026
Joseph Gabriel Lagonsin, News Editor

Market recognition

The designation places Checkmarx among vendors assessed on Completeness of Vision and Ability to Execute in a segment focused on securing software dependencies and related development components.

Software supply chain security has become more prominent for corporate technology teams as businesses rely more heavily on open-source packages, third-party libraries, container images and, increasingly, artificial intelligence components in development workflows. The category covers the identification of vulnerabilities and other risks in those inputs before they are deployed into production systems.

According to Checkmarx, its Checkmarx One platform combines software composition analysis, container security, malicious package detection, secrets detection, software bill of materials generation and management, and tools aimed at AI supply chain security. The system is designed to work within integrated development environments, source control systems, and continuous integration and continuous delivery pipelines.

The company also highlighted risk prioritisation features that correlate vulnerability severity, exploitability and reachability with application context. That approach is intended to help development and security teams focus on the issues judged to present the greatest business risk, rather than dealing with large volumes of alerts.

Platform capabilities

Checkmarx also pointed to governance as a key area. Its platform normalises risk signals from different security engines so organisations can apply policies consistently while maintaining central oversight across tools and development teams.

The company also emphasised AI-related functions as organisations begin to track a broader set of assets used in software creation. Those features cover the discovery, analysis and management of AI components, including models, agents, datasets and AI bill of materials elements.

Sandeep Johri, Chief Executive Officer of Checkmarx, said the recognition reflected the field's growing importance.

"Supply chain security is central to modern application security, full stop," said Sandeep Johri, Chief Executive Officer, Checkmarx.

He linked the issue to the wider mix of software assets now used by development teams.

"Organisations need visibility and governance across their entire software and AI supply chain, from open-source dependencies to AI components, and our unified platform delivers exactly that. This Gartner recognition reflects Checkmarx's commitment to building comprehensive and practical capabilities that are integrated directly into how development teams work," added Johri.

Industry focus

The software security market has been expanding as regulators, customers and boards place greater emphasis on understanding what code and components sit inside critical applications. Software bills of materials have become one tool companies use to map dependencies, while attacks involving compromised packages and malicious code injection have pushed supply chain risk management higher on security agendas.

Checkmarx said the platform, introduced in December 2021, has been adopted by enterprise customers globally. It scans billions of lines of code each month and analyses millions of open-source packages, container images and AI components, according to the company.

Jonathan Rende, Chief Product Officer at Checkmarx, said the shift in software construction methods was changing security requirements.

"We're honored by this recognition from Gartner," said Jonathan Rende, Chief Product Officer, Checkmarx.

He added that software supply chain risk now extends beyond traditional third-party code.

"Supply chain security must evolve alongside how software is built. As organizations increasingly rely on open-source, third-party components, and now AI-generated assets, they need security that understands context, reduces noise, and integrates seamlessly into development workflows," added Rende.

Growing segment

Checkmarx operates in a crowded application security market where vendors are trying to consolidate tools for developers and security teams. Supply chain security has become one of the more closely watched segments because it sits at the intersection of software development, governance and cyber risk management.

Gartner's inclusion of a dedicated Magic Quadrant for the category signals how far the segment has matured into a standalone buying area for enterprise technology and security leaders.