Checkmarx partners Carahsoft to expand public sector sales

Checkmarx has partnered with Carahsoft to sell its application security products to government customers, with Carahsoft serving as its master government aggregator for the public sector.

Under the agreement, Checkmarx products will be available through Carahsoft's reseller network and procurement vehicles including NASA's Solutions for Enterprise-Wide Procurement V, the E&I Cooperative Services Contract and The Quilt contracts.

The deal gives Checkmarx broader access to federal, state, local, education and healthcare buyers that purchase technology through Carahsoft's established government channels. For Carahsoft, the addition expands its cybersecurity portfolio as public bodies face growing pressure to secure software development while modernising applications and adopting more cloud-based and AI-led tools.

Checkmarx sells a unified application security platform designed to secure software development from code creation through runtime. It combines static and dynamic application security testing, software composition analysis, API security, container security, infrastructure-as-code security and application security posture management in a single platform.

The platform is designed to identify vulnerabilities across the application development lifecycle, prioritise the most pressing risks, and embed automated remediation guidance and policy enforcement into developer workflows. This reflects a broader industry shift toward integrating security checks earlier in the software development process.

Public sector push

Government agencies have become a growing target for software supply chain attacks, misconfigured cloud environments and flaws in internally developed applications. As more public services move online and agencies rely on a wider mix of commercial software, open-source components and AI-generated code, demand has risen for tools that can monitor code quality and security in one place.

Carahsoft plays a significant role in that market as a distributor and aggregator for technology vendors seeking access to public sector buyers. Its reseller ecosystem and contract vehicles are often used by software companies looking to shorten procurement cycles and navigate government purchasing requirements.

Jonathan Kozimor, Vice President of Channel Americas at Checkmarx, said the partnership would broaden access to the company's products in government.

"Partnering with Carahsoft enables us to expand access to our application security platform across the Public Sector," Kozimor said.

"Carahsoft's deep expertise in Government procurement and its extensive reseller ecosystem make it an ideal partner to help agencies strengthen their application security posture. Together, we can empower organizations to integrate security seamlessly into modern development environments, reduce risk across the software lifecycle and accelerate the delivery of secure, mission-critical applications."

Security demand

The partnership reflects continued demand for application security tools that can support both legacy software and newer cloud-native systems. Public sector technology teams often face fragmented security tooling, using different products for source code scanning, open-source dependency checking, runtime visibility and compliance monitoring.

Vendors have increasingly tried to address that fragmentation by packaging several testing and monitoring functions into a single platform. For agencies, the appeal lies in reducing the number of separate products and creating a clearer picture of software risk across development teams.

Checkmarx said its system provides real-time visibility into vulnerabilities and is built for AI-driven and cloud-native environments. Its tools are also intended to help organisations find issues earlier in development, reducing rework and supporting software resilience.

For Carahsoft, the agreement adds another security vendor to a portfolio that already includes cloud security, identity and access management, risk and compliance, network security and zero trust. The distributor works with resellers, systems integrators and service providers to supply technology to government agencies and public institutions.

Brian O'Donnell, Vice President of Cybersecurity Solutions at Carahsoft, said software lifecycle security is an increasing concern for agencies updating development practices.

"We are pleased to partner with Checkmarx to bring its innovative application security platform to the Public Sector," O'Donnell said.

"As agencies continue to modernize their development environments, it is critical they have access to solutions that embed security throughout the software lifecycle. Together with our reseller partners, we are enabling Government organizations to adopt a proactive, integrated approach to application security-helping them reduce risk, protect sensitive data and accelerate the delivery of secure, mission-critical applications."

Checkmarx products are available to public sector buyers through Carahsoft's SEWP V contracts NNG15SC03B and NNG15SC27B, E&I Contract EI00063~2021MA and The Quilt Master Service Agreement MSA05012019-F.