Repositories list

• 2ms

  Public
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

  securitysecret-managementsecrets+ 3appsecsecret-keysapi-keys

  Go

  •

  Apache License 2.0

  •25•96•10•6•Updated Aug 1, 2025Aug 1, 2025

• kics

  Public
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

  securityiacinfrastructure-as-code+ 9cloudnativeappsecvulnerability-detectionhacktoberfestvulnerability-scannerssecurity-toolsopen-policy-agent+ 2

  Open Policy Agent

  •

  Apache License 2.0

  •336•2.4k•141•136•Updated Aug 1, 2025Aug 1, 2025

• ast-visual-studio-extension

  Public
  The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

  securityvisual-studio-extensioncheckmarx+ 2visual-studio-2022checkmarx-ast

  C#

  •

  Apache License 2.0

  •6•2•1•12•Updated Aug 1, 2025Aug 1, 2025

• ast-jetbrains-plugin

  Public
  The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

  securityjetbrains-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •3•3•0•19•Updated Aug 1, 2025Aug 1, 2025

• ast-vscode-extension

  Public
  The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityvscode-extensioncheckmarx+ 1checkmarx-ast

  TypeScript

  •

  Apache License 2.0

  •8•15•5•33•Updated Jul 31, 2025Jul 31, 2025

• ast-github-action

  Public
  Checkmarx application security testing (AST) GitHub action

  securitygithub-actionscheckmarx+ 1checkmarx-ast

  Shell

  •

  Apache License 2.0

  •28•21•3•9•Updated Jul 31, 2025Jul 31, 2025

• ast-eclipse-plugin

  Public
  The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityeclipse-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •12•4•1•5•Updated Jul 31, 2025Jul 31, 2025

• ast-cli

  Public
  A CLI project wrapping application security testing (AST) APIs

  astcheckmarxcheckmarx-ast+ 1cli

  Go

  •

  Apache License 2.0

  •26•53•5•27•Updated Jul 31, 2025Jul 31, 2025

• kics-cdk-validator-plugin

  Public
  A KICS plugin for AWS CDK

  TypeScript

  •

  Apache License 2.0

  •3•7•1•5•Updated Jul 31, 2025Jul 31, 2025

• ast-teamcity-plugin

  Public
  The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

  securityteamcity-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •2•3•1•20•Updated Jul 31, 2025Jul 31, 2025

• homebrew-ast-cli

  Public
  Ruby

  •0•2•0•0•Updated Jul 31, 2025Jul 31, 2025

• sast-to-ast-export

  Public
  CLI tool to export data from CxSAST and import into AST CxOne

  securityapplicationast+ 1sast

  Go

  •

  Apache License 2.0

  •5•3•2•0•Updated Jul 29, 2025Jul 29, 2025

• kics-github-action

  Public
  GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

  JavaScript

  •

  GNU General Public License v3.0

  •39•50•12•3•Updated Jul 28, 2025Jul 28, 2025

• containers-resolver

  Public
  Go

  •1•0•0•0•Updated Jul 22, 2025Jul 22, 2025

• containers-images-extractor

  Public
  Go

  •0•0•0•2•Updated Jul 22, 2025Jul 22, 2025

• containers-syft-packages-extractor

  Public
  Go

  •1•0•0•2•Updated Jul 22, 2025Jul 22, 2025

• containers-types

  Public
  Go

  •0•0•0•0•Updated Jul 22, 2025Jul 22, 2025

• ast-azure-plugin

  Public
  The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

  securitysecurity-toolsazure-devops-extension+ 2checkmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •5•5•5•16•Updated Jul 11, 2025Jul 11, 2025

• ci-cd-integrations

  Public
  If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

  circlecimavenbitbucket+ 6ci-cdsonarbamboo-plugincheckmarxsecurtiycheckmarx-ast

  Groovy

  •

  Apache License 2.0

  •19•10•0•2•Updated Jul 10, 2025Jul 10, 2025

• manifest-parser

  Public
  Go

  •0•0•0•0•Updated Jun 25, 2025Jun 25, 2025

• secret-detection

  Public
  Go

  •0•1•0•4•Updated Jun 16, 2025Jun 16, 2025

• vorpal-reviewdog-github-action

  Public
  Run Vorpal with reviewdog 🐶

  Shell

  •

  Apache License 2.0

  •0•4•0•0•Updated Jun 12, 2025Jun 12, 2025

• daniel-mcp-test

  Public
  Go

  •1•0•0•6•Updated Jun 8, 2025Jun 8, 2025

• Vulnerabilities-Proofs-of-Concept

  Public
  JavaScript

  •0•0•0•0•Updated Jun 4, 2025Jun 4, 2025

• gen-ai-prompts

  Public
  Remediate SAST results using AI

  Go

  •1•6•2•1•Updated May 11, 2025May 11, 2025

• Phoenix-WebGoat

  Public
  Project with vulnerabilities for plugins team tests

  Other

  •0•0•0•2•Updated Apr 15, 2025Apr 15, 2025

• plugins-release-workflow

  Public
  Automates the release workflow across all components, starting with the CLI, followed by the Wrappers, and concluding with the Plugins. This streamlined process ensures consistent and efficient deployment across the entire ecosystem.

  0•0•25•0•Updated Mar 30, 2025Mar 30, 2025

• Checkmarx-CVE-2025-30066-Detection-Tool

  Public
  Python

  •

  MIT License

  •0•1•0•0•Updated Mar 19, 2025Mar 19, 2025

• gen-ai-wrapper

  Public
  Go

  •

  Apache License 2.0

  •0•0•1•6•Updated Dec 30, 2024Dec 30, 2024

• ast-cli-maven-plugin

  Public
  A Maven plugin for using the AST CLI in Maven lifecycle phases

  Java

  •

  Apache License 2.0

  •0•0•0•9•Updated Dec 9, 2024Dec 9, 2024