Checkmarx integrates agentic security within AWS Kiro IDE

Ideally, security issues should be identified during the coding process. That is the goal of Checkmarx Developer Assist within AWS’s Kiro IDE. The tool automatically analyzes source code and dependencies within the developers’ working environment.

When coding, developers often lose sight of security if they have to leave the IDE to check it. This is despite the fact that, in shift-left initiatives, they are responsible for delivering secure code. Checkmarx solves this problem with its tooling, in this case with an integration with Kiro, AWS’s IDE. Incidentally, Kiro already has AI integrations, but these focus on code generation and handling tasks that are time-consuming when done manually. At the security level, an external tool is desirable, especially to provide an extra check on AI-generated code.

The integration places Checkmarx Developer Assist directly in Kiro. The company claims that developers can eliminate up to 90 percent of the extra work for security before code is committed. After activation and authentication, Developer Assist analyzes the source code and dependencies in the active workspace. The system automatically displays its findings in the IDE, accompanied by contextual data that helps developers resolve issues early in the development cycle.

Real-time security analysis during development

The security data is also visible in the Checkmarx One platform, which checks applications for security in general. This gives users an overview of the risks that a single project poses within the broader context of their own applications. The standalone security agent works as an IDE-native tool that supports developers in writing secure code.

Broader ecosystem for application security

Checkmarx One includes multiple security tools. For example, it uses Static Application Security Testing (SAST), which checks an application's security at the bytecode level (i.e., at a very low programming level). Software Composition Analysis (SCA) is likewise an automated process; it identifies the components within a codebase and scans them for vulnerabilities. In addition, Checkmarx can use its own platform to search for secrets that are often left behind in code and are therefore exposed.