Introducing Jit’s Seamless Integration with the Checkmarx One SAST Solution
Published March 20, 2025.
Balancing security and developer experience has always been a challenge. On one hand, teams need best-of-breed security scanners to minimize false positives and surface the most critical vulnerabilities. On the other, too many disparate security tools create complexity, slowing developers down. The key to effective security is combining best-in-class scanning with a unified and intuitive developer experience.
That’s why we’re excited to announce Jit’s integration with Checkmarx One —bringing one of the best static analysis tools in the market directly into Jit’s unified AppSec platform. With this integration, users can leverage Checkmarx One powerful SAST scanning while enjoying the same seamless, developer-friendly UX they expect from Jit’s other scanners.
What This Integration Brings to Jit Users
Jit now orchestrates Checkmarx One SAST scans within its execution framework—meaning users feel like they’re using Jit, but behind the scenes, they’re leveraging the power of Checkmarx’s industry-leading SAST engine.
With this integration, Jit will:
Automatically initiate daily Checkmarx One SAST scans across the entire codebase, ensuring continuous security monitoring.
Trigger SAST scans for every code change without requiring developers to leave their environment, making security a natural part of the development workflow.
Unify Checkmarx One SAST findings with other security findings from Jit’s product security stack—so teams can manage all vulnerabilities in a single pane of glass.
In the screenshots below, we can see how Jit orchestrates Checkmarx to initiate scans within the pull request in GitHub, and provides remediation information to resolve the security issue.
Key Benefits of the Jit + Checkmarx Integration
1. A Unified AppSec Experience
Security should feel effortless. With this integration, Checkmarx One SAST scanner operates just like Jit’s other scanners, eliminating tool sprawl and reducing the learning curve for development teams. Developers and security engineers alike benefit from a unified security experience—no extra UI, no complex onboarding.
2. Centralized Risk Management
Security professionals spend too much time jumping between tools to understand risk. By consolidating Checkmarx’s findings into Jit’s dashboard, teams get a single source of truth for all vulnerabilities—whether they originate from SAST, SCA, IaC scanning, or secrets detection.
3. Enhance Contextual Prioritization with Jit’s Context Engine
Security findings are only actionable when they’re properly prioritized. Jit’s Context Engine automatically assigns risk scores to all security issues, including Checkmarx’s SAST findings, based on their runtime context—such as whether they are internet-facing or deployed in production. This ensures teams focus on the most critical risks first.
How to Activate the Checkmarx One SAST Integration
Getting started is simple. If you’re already a Jit user, follow the step-by-step instructions in our documentation to activate Checkmarx One SAST within your Jit workflow.
If you’re new to Jit, now is the perfect time to get started. Experience the power of automated, developer-friendly security testing with the best-in-class SAST solution integrated directly into your development pipeline.
Final Thoughts
Application security shouldn’t slow developers down—it should work alongside them. With Jit’s integration of Checkmarx One SAST, engineering and security teams get the best of both worlds: powerful static analysis with zero friction.
Want to see it in action? Book a demo and take Jit’s security automation for a spin.
