Checkmarx partners with Carahsoft for public sector sales

Checkmarx has partnered with Carahsoft to sell its application security products to government agencies, with Carahsoft serving as its government distribution partner for public sector buyers.

Under the agreement, Carahsoft will offer Checkmarx products through its reseller network and procurement channels including NASA Solutions for Enterprise-Wide Procurement V, the E&I Cooperative Services Contract and The Quilt contracts.

The deal expands Checkmarx's reach into federal, state, local, education and healthcare customers that buy technology through Carahsoft's public sector channels. It also places the company's application security tools into established government purchasing frameworks as agencies update software development practices and review how to address security earlier in the coding process.

Checkmarx sells a platform that combines several forms of application security testing and analysis in one system. It includes code security checks, software composition analysis, API security, container security, infrastructure-as-code security and application security posture management.

The platform is designed to work across software development workflows from code creation to runtime. It correlates risk signals, provides visibility into vulnerabilities and prioritises the most critical risks.

Public sector push

Carahsoft is a major distributor to government buyers, often acting as an intermediary between software vendors, resellers and public agencies. As Checkmarx's master government aggregator, it adds the company's application security products to a portfolio already focused heavily on cyber, cloud, DevSecOps and artificial intelligence tools.

The partnership reflects sustained public sector demand for products that fit into existing development and compliance processes rather than sit outside them. Agencies have been under pressure to secure software supply chains, monitor open-source dependencies and manage risks linked to cloud-based development and AI-assisted coding.

Checkmarx has centred its pitch on what it calls a prevention-first approach, arguing that security checks should be embedded earlier in development rather than applied only after software is built or deployed. That position aligns with a broader shift in software security toward earlier testing and policy enforcement within developer workflows.

Jonathan Kozimor, Vice President of Channel Americas at Checkmarx, outlined the rationale for the agreement.

"Partnering with Carahsoft enables us to expand access to our application security platform across the Public Sector," said Jonathan Kozimor, Vice President of Channel Americas at Checkmarx. "Carahsoft's deep expertise in Government procurement and its extensive reseller ecosystem make it an ideal partner to help agencies strengthen their application security posture. Together, we can empower organizations to integrate security seamlessly into modern development environments, reduce risk across the software lifecycle and accelerate the delivery of secure, mission-critical applications."

Contract access

The products will be available through Carahsoft's SEWP V contracts NNG15SC03B and NNG15SC27B, E&I Contract #EI00063~2021MA and The Quilt Master Service Agreement Number MSA05012019-F. Those contract vehicles are commonly used by public sector buyers seeking pre-approved routes for technology procurement.

For Carahsoft, the agreement expands its cybersecurity catalogue as agencies buy more tools tied to software assurance, compliance and development governance. Its cybersecurity portfolio includes vendors focused on supply chain risk management, cloud security, identity and access management, risk and compliance, and other security categories.

Brian O'Donnell, Vice President of Cybersecurity Solutions at Carahsoft, said the distributor sees demand from agencies modernising development environments.

"We are pleased to partner with Checkmarx to bring its innovative application security platform to the Public Sector," said Brian O'Donnell, Vice President of Cybersecurity Solutions at Carahsoft. "As agencies continue to modernize their development environments, it is critical they have access to solutions that embed security throughout the software lifecycle. Together with our reseller partners, we are enabling Government organizations to adopt a proactive, integrated approach to application security-helping them reduce risk, protect sensitive data and accelerate the delivery of secure, mission-critical applications."

Checkmarx said its platform uses AI-driven features to provide detection, remediation guidance and policy enforcement within development workflows. The aim is to help organisations replace fragmented security tools with a single system and address issues earlier in the software lifecycle.

The company said its platform scans trillions of lines of code each year. Customers use the system to assess legacy software, modern cloud-native applications and code produced with AI assistance.