Checkmarx named leader in IDC MarketScape ASPM 2025 report
Checkmarx has been recognised as a leader in the IDC MarketScape for Application Security Posture Management (ASPM) 2025 Vendor Assessment.
The IDC MarketScape assessed Checkmarx alongside 18 other vendors in the ASPM sector. In its report, the evaluation highlighted Checkmarx as a "strong fit for organisations seeking an ASPM solution that is tightly integrated into a developer-focused AppSec platform, backed by ongoing investment in AI, and well-suited to deliver strong ROI for platform buyers."
AI and integration
According to the IDC MarketScape, artificial intelligence is identified as a key priority for Checkmarx, with multiple AI-driven features forming part of the core platform.
The report stated, "AI is a strategic priority for Checkmarx, with capabilities embedded across the platform to enhance risk analysis, accelerate remediation, and reduce manual effort. Features include in-IDE secure coding assistance, AI-generated fix recommendations, and enriched risk scoring based on exploitability, business impact, and other contextual factors. The expansion of the Checkmarx One Assist agent family reflects ongoing investment in automation and intelligence across core AppSec functions."
The IDC MarketScape further noted the integration of ASPM functions directly into developer workflows. "By embedding ASPM directly into the IDE, the platform provides real-time visibility into application risk during code development. Developers can view exploitable vulnerabilities and a filtered list of the top 50 critical issues without leaving their workflow, reducing context switching and improving productivity. Integration with risk management APIs aligns remediation with business priorities, while access to up-to-date scan data ensures accuracy. This approach keeps developers and AppSec teams aligned without introducing unnecessary friction."
Response from Checkmarx
"We're honoured to be recognised by the IDC MarketScape as a Leader in ASPM. We believe this acknowledgment reflects our commitment to building the most developer-focused AppSec platform in the industry, where AI innovation plays a central role," said Jonathan Rende, chief product officer for Checkmarx. "With Checkmarx One, we're helping organisations address risk earlier in the development process and realise stronger ROI from their AppSec programs."
Since releasing the Checkmarx One platform in December 2021, Checkmarx reports that over 800 billion lines of code are now scanned each month using the platform. More than 850 enterprise customers and tens of thousands of developers rely on this technology to secure their operations daily.
Platform scope
The Checkmarx One platform includes a range of features designed to manage application security throughout the software development lifecycle. Its functions cover Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Malicious Package Detection, Infrastructure as Code (IAC) Security, and Container Security.
Recently, Checkmarx introduced Developer Assist, an AI agent for autonomous remediation. Developer Assist integrates directly into coding environments, supporting platforms such as Windsurf by Cognition, Cursor, and Copilot. The company has indicated plans to extend this support to further development environments.
Market overview
The IDC MarketScape vendor assessment model provides an overview of technology suppliers' strengths and competitive positions, using a combination of qualitative and quantitative criteria. The assessment delivers a comparative framework for technology buyers to evaluate market options in the application security posture management sector.
