This article was nominated for deletion. Please review the prior discussions if you are considering re-nomination: Speedy delete, June 12, 2013, see discussion. Delete, April 30, 2013, see discussion. Delete, November 20, 2011, see discussion. Delete, December 22, 2009, see discussion.

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Companies Low‑importance This article is within the scope of WikiProject Companies, a collaborative effort to improve the coverage of companies on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CompaniesWikipedia:WikiProject CompaniesTemplate:WikiProject Companiescompany Low This article has been rated as Low-importance on the project's importance scale. WikiProject Companies To-do: Here are some tasks awaiting attention: Article requests : Wikipedia:Requested articles/Business and economics/Companies Assess : Category:Unassessed company articles Copyedit : Category:Company articles needing attention Infobox : Category:Company articles needing infoboxes Maintain : Portal:Companies Stubs : Help expand stub articles located at Category:Company stubs Other : Tag company articles with the {{portal|Companies}} template Tag company talk pages with the {{WikiProject Companies}} project banner Answer requests for comments Computing: Security Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computer security (assessed as Low-importance). Things you can help WikiProject Computer security with: edit history watch purge Article alerts are available, updated by AAlertBot. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Israel Low‑importance This article is within the scope of WikiProject Israel, a collaborative effort to improve the coverage of Israel on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.IsraelWikipedia:WikiProject IsraelTemplate:WikiProject IsraelIsrael-related Low This article has been rated as Low-importance on the project's importance scale. Project Israel To Do: edit history watch purge Here are some tasks awaiting attention: Assess : Rate the Unassessed Israel-related articles and Unknown-importance Israel-related articles. Cleanup : Cleanup listing for this project is available. See also the list by category and the tool's wiki page. Collaborate : Participate in WikiProject Israel Palestine Collaboration. Copyedit : Timeline of the Israeli–Palestinian conflict in 2005 Deletion sorting : Participate in discussions at WikiProject Deletion sorting/Israel. Expand : Ayala Procaccia, Diamond industry in Israel, Edna Arbel, Levin Kipnis, Rami Kleinstein, Sephardic Haredim, Zman Tel Aviv, Nachum Heiman, Public Defence (Israel), Prisoner of Zion, Trial of Benjamin Netanyahu, Day to Mark the Departure and Expulsion of Jews from the Arab Countries and Iran, Pre-Modern Aliyah See also Articles needing translation from Hebrew Wikipedia. Geographical coordinates : Add geographic coordinates to Israel articles missing geocoordinate data. Infobox : Add infoboxes to Israel articles needing infoboxes. Maintain : See Israel articles needing attention. Map : See discussion at Module:Location map/data/Israel. Add maps to articles in Wikipedia requested maps in Israel. NPOV : Jewish exodus from Arab and Muslim countries Photo : Add pictures to articles in Wikipedia requested photographs in Israel. Stubs : See Israel stubs. Update : Basic Law proposal: Israel as the Nation-State of the Jewish People Other : Translate to Hebrew : David Bar-Hayim, Guy Bavli, and Guy Oseary.

The Wikimedia Foundation's Terms of Use require that editors disclose their "employer, client, and affiliation" with respect to any paid contribution; see WP:PAID. For advice about reviewing paid contributions, see WP:COIRESPONSE. geeksquad12 (talk · contribs) has been paid by Checkmarx.

They're HQ'd in NJ per their Linkedin, not Atlanta 2601:281:17F:FC79:DD88:5906:6680:D907 (talk) 18:57, 27 March 2025 (UTC)[reply]

This edit request by an editor with a conflict of interest was declined. Unclear request

The Wikimedia Foundation's Terms of Use require that editors disclose their "employer, client, and affiliation" with respect to any paid contribution; see WP:PAID. For advice about reviewing paid contributions, see WP:COIRESPONSE. geeksquad12 (talk · contribs) has been paid by Checkmarx.

I am an employee of Checkmarx, this request is part of my regular job and I am not receiving any additional compensation nor pay for article. This is disclosed in my user page. However, as an objective observer, all the below is correct and I would want these changes even if I was not an employee.

• What I think should be changed (include citations):

I would like to request an update of the Checkmarx article. The current version is significantly outdated, incomplete, and in some places inaccurate. It does not reflect the company's corporate history since 2018, its executive changes, its product evolution, or its independent coverage in trade and mainstream media.

Proposed changes include:

- **History:** Add coverage of Checkmarx's acquisitions (Codebashing 2017,^[1] Custodela 2018,^[2] Dustico 2021^[3]), layoffs in 2020 and 2022,^[4][5] and the CEO transition from Emmanuel Benzaquen to Sandeep Johri in 2023.^[6]

- **Products and platform:** Add detail about the Checkmarx One platform (covering SAST, DAST, SCA, supply chain, IaC, container, and ASPM),^[7] as well as independent coverage of its use of "agentic AI" at RSA Conference 2025.^[8] Mention contributions to open-source projects including KICS and ZAP.^[9]

- **Recognition:** Summarize independent analyst coverage (e.g., Forrester naming Checkmarx a Leader in 2023 and 2025,^[10][11] and IDC naming Checkmarx a Leader in ASPM in 2025^[12]), including both strengths and weaknesses noted by analysts.

- **Security research:** Add coverage of independent reporting on Checkmarx's security research findings, such as vulnerabilities in Android apps (2019, 2022),^[13][14] malicious packages on PyPI (2025),^[15] and risks in AI-generated code (2025).^[16]

- **Logo:** Replace the outdated logo with the current corporate logo. The updated logo file can be uploaded to Wikimedia Commons or provided to editors for upload.

• Why it should be changed:

The current article is not accurate or useful for readers: - It portrays Checkmarx primarily as a "SAST company" when reliable third-party sources and independent reputable analyst firms show it now operates a full-spectrum AppSec and ASPM platform and leaves out recent developments on AI. The product is completely misrepresented. - It lacks major corporate developments since 2018 (Dustico acquisition, CEO change, layoffs). - It excludes extensive coverage of Checkmarx's independent research (e.g., camera app vulnerabilities, Ring bug, supply chain risks). - It lacks analyst coverage that provides both praise (AI investments, breadth of support) and criticism (pricing, remediation gaps), which would improve neutrality and context.

Looking at the revision history (https://en.wikipedia.org/w/index.php?title=Checkmarx&action=history), I see that previous editors reverted updates that, while more current, used promotional language or relied too heavily on primary sources. This request is different: - All claims are supported by independent, reliable sources per WP:RS. - Both positive and negative information are included per WP:NPOV. - I rely exclusively on independent secondary sources (no company press releases or primary sources are cited in the proposed article text).

My aim is not to promote the company but to ensure accuracy and completeness. If any part of the draft still does not meet Wikipedia's requirements, I welcome editors' suggestions for revision.

• References supporting the possible change (format using the "cite" button):

A representative list:

- BankInfoSecurity – Forrester Wave 2023

- SecurityBrief UK – Forrester Wave 2025

- IT Brief – IDC ASPM 2025

- Calcalist – layoffs 2020, 2022

- Calcalist – CEO change 2023

- SecurityWeek – Android camera flaw 2019

- Ars Technica – Ring bug 2022

- DevOps.com – malicious PyPI packages

- Cybersecurity Dive – vulnerable code survey

- SiliconANGLE – agentic AI at RSA 2025

• Proposed updated article:

 Not done for now: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format. Likeanechointheforest (talk) 17:08, 12 October 2025 (UTC)[reply]

I apologize for the confusion. I provided both a point-by-point summary and a complete proposed article text, which I now understand was too much at once and made it unclear what specific changes I was requesting.

Let me break this down into smaller, specific requests. I'll start with just the three most straightforward additions to the History section:

Specific Change Request 1: Add Acquisitions

Location: History section, after the sentence "In 2020, Hellman & Friedman acquired the company in a transaction valued at $1.15 billion, while Insight retained a minority stake."

Add new paragraph:

"In 2017, Checkmarx acquired UK-based Codebashing to add developer-focused AppSec training."App security co. Checkmarx buys UK co. Codebashing". Globes. 13 June 2017. Retrieved 5 October 2025. The following year, it acquired Ontario-based Custodela, a DevSecOps consulting firm."Checkmarx Acquires Custodela". Dark Reading. 24 May 2018. Retrieved 5 October 2025."

Specific Change Request 2: Add Dustico Acquisition

Location: History section, after the paragraph about Codebashing and Custodela acquisitions

Add new paragraph:

"In 2021, Checkmarx acquired Dustico, an Israeli startup focused on malicious open-source package detection, to expand its supply chain security capabilities."Checkmarx's Dustico acquisition bolsters the open source software supply chain". VentureBeat. 5 August 2021. Retrieved 5 October 2025."Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. 5 August 2021. Retrieved 5 October 2025."

Specific Change Request 3: Add CEO Change

Location: History section, after information about Dustico acquisition

Add new paragraph:

"In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri."Cybersecurity unicorn Checkmarx names new CEO". Calcalist. 15 February 2023. Retrieved 5 October 2025."

If these changes are acceptable, I can submit additional specific requests for other sections (layoffs, security research) separately. I understand now that smaller, incremental requests are more appropriate than attempting a comprehensive rewrite. Geeksquad12 (talk) 08:06, 16 October 2025 (UTC)[reply]

I'm not sure that this request was seen. Geeksquad12 (talk) 05:58, 21 October 2025 (UTC)[reply]

Hi @Likeanechointheforest I am following up if you have seen these change requests. If there's any clarification needed please let me know. Geeksquad12 (talk) 10:59, 18 November 2025 (UTC)[reply]

 Done Likeanechointheforest (talk) 15:59, 21 November 2025 (UTC)[reply]

Checkmarx is an application security company that develops a unified platform for application security testing and software supply chain risk management. Its offerings cover static and dynamic analysis, software supply chain security including software composition analysis, API and cloud security scanning, infrastructure-as-code and container security checks, secrets detection, and application security posture management (ASPM). The company has marketed the use of Agentic AI to automate aspects of security testing. Founded in Israel in 2006, Checkmarx is headquartered in Paramus, New Jersey, with additional offices in the United Kingdom, Portugal, Singapore, India, and other locations.

Checkmarx was founded in 2006 by Maty Siman, the company's CTO, and Emmanuel Benzaquen, who served as CEO until 2023.^[17][18]

In 2015, Insight Partners invested $84 million in Checkmarx.^[19] In 2020, Hellman & Friedman acquired the company in a transaction valued at $1.15 billion, while Insight retained a minority stake.^[20]

In 2017, Checkmarx acquired UK-based Codebashing to add developer-focused AppSec training.^[21] The following year, it acquired Ontario-based Custodela, a DevSecOps consulting firm.^[22]

During 2019, the company expanded its workforce by about 250 people but laid off staff in 2020 following the COVID-19 pandemic.^[23][24] In November 2022, the company laid off about 100 employees (around 10% of its workforce) as part of wider cybersecurity sector cutbacks.^[25][26]

In 2021, Checkmarx acquired Dustico, an Israeli startup focused on malicious open-source package detection, to expand its supply chain security capabilities.^[27][28]

In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.^[29]

In September 2025, Checkmarx One for Government was added to the NASA SEWP catalog with a FedRAMP High / Ready designation.^[30]

Trade press has covered the company's push into agent-assisted workflows. At RSA Conference 2025, reports described an early "agentic AI" control plane intended to coordinate autonomous assistants across developer pipelines,^[31] and industry roundups noted efforts to embed AI guidance directly into AI-native IDEs such as Windsurf and Cursor.^[32]

Checkmarx's flagship product is Checkmarx One, a unified application security platform. It combines static and dynamic application security testing, software composition analysis, API and cloud security scanning, infrastructure-as-code and container security checks, secrets detection, malicious package detection, and application security posture management (ASPM). The platform incorporates Agentic AI features such as IDE-based coding assistance and AI-generated remediation suggestions.^[33]

In addition to its commercial products, Checkmarx contributes to open-source security projects. These include KICS (Keeping Infrastructure as Code Secure), Vorpal, Too Many Secrets (2MS), and the Zed Attack Proxy (ZAP) web application security testing tool. In 2024, Checkmarx announced support for ZAP, with project leaders Simon Bennetts, Rick Mitchell, and Ricardo Pereira joining the company as employees.^[34]

Checkmarx has been evaluated frequently by leading industry analyst firms such as Gartner, Forrester Research, and IDC.^[35]

Gartner repeatedly positioned Checkmarx as a Leader in its Magic Quadrant for Application Security Testing.^[36]

Analyst coverage summarized in trade media has cited the company's AI investments and language breadth,^[37][38] while earlier evaluations flagged pricing and remediation limitations. In 2023, BankInfoSecurity reported that Forrester had named Checkmarx a Leader in its Wave for Static Application Security Testing (SAST), alongside Veracode and Synopsys.^[39]

In 2025, IT Brief reported that IDC positioned Checkmarx as a Leader in the MarketScape for Application Security Posture Management (ASPM).^[40] That same year, SecurityBrief highlighted Forrester's SAST evaluation, pointing to Checkmarx's strong AI investments and breadth of language support.^[41]

Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks:

• In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance.^[42]
• In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data.^[43]
• In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data.^[44]
• In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws.^[45]
• In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps.^[46]

Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique,^[47] alongside broader supply-chain findings in public repositories.^[48] Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools.^[49]

• ZAP project

Geeksquad12 (talk) 10:09, 8 October 2025 (UTC)[reply]

Are you requesting a change? I'm not sure what the point of this comment is, sorry. PhotographyEdits (talk) 12:08, 16 October 2025 (UTC)[reply]

I wouldn't add this one. See WP:ELMINOFFICIAL. Presumably a link to this exists on the company's main website; if it isn't of sufficient importance for them to have on their own site, then it wouldn't be of sufficient importance to be in the article. Largoplazo (talk) 14:31, 16 October 2025 (UTC)[reply]

The link exists on this page: checkmarx.com/product/zap/

However, ZAP is also an open-source project that, while supported by the company, is independent and the website is run by the ZAP community and not controlled by the company. Geeksquad12 (talk) 05:58, 21 October 2025 (UTC)[reply]

The user below has a request that an edit be made to Checkmarx. That user has an actual or apparent conflict of interest. The requested edits backlog is very high. Please be extremely patient. There are currently 223 requests waiting for review. Please read the instructions for the parameters used by this template for accepting and declining them, and review the request below and make the edit if it is well sourced, neutral, and follows other Wikipedia guidelines and policies.

Hi, I have a declared COI as an employee of Checkmarx (see my userpage). This request is *limited to a single, specific change* to improve accuracy and neutrality.

• Change the first sentence of the lead from:

"Checkmarx is a static application security testing (SAST) company…"

To the following more accurate and neutral wording (no promotional language):

"Checkmarx is an application security company that develops a unified platform for software application security testing and software supply chain risk management."

The current opening sentence is out of date and misleading. Multiple independent secondary sources show that Checkmarx now offers a broad application security platform that includes SAST but is not limited to it.

This request does *not* add product details or marketing language. It simply updates the **category of company** to match how reliable third-party sources describe it.

I am deliberately *not* proposing any additions to the rest of the lead or product section in this request. This request adjusts only the first sentence for factual accuracy and neutrality.

• InfoWorld – coverage of Checkmarx across SAST, SCA, IaC, supply chain, and AI-related AppSec workflows: https://www.infoworld.com/article/4047160/8-vendors-bringing-ai-to-devsecops-and-application-security.html
• SiliconANGLE – coverage of Checkmarx platform and AI security tooling: https://siliconangle.com/2025/05/05/ai-agents-may-battle-ai-attackers-still-improving-security-workflow-rsac-2025/
• Cybersecurity Dive – coverage of Checkmarx research and platform scope: https://www.cybersecuritydive.com/news/software-vulnerabilities-breaches-checkmarx-report/757793/

There are also independent analyst reports (Gartner, Forrester, IDC) that categorize this new category, as practitioner terminology has evolved.

If any refinement is needed to comply with policy, I welcome guidance and will adjust accordingly.

Thank you for considering this request. — Preceding unsigned comment added by Geeksquad12 (talk • contribs) 18:48, 24 November 2025 (UTC)[reply]

Following up on this request ~2025-42709-33 (talk) 09:18, 24 December 2025 (UTC)[reply]

I have changed your suggestion somewhat to be able to better link to other articles without creating a MOS:SOB. Let me know if you desire future changes. PhotographyEdits (talk) 11:02, 24 December 2025 (UTC)[reply]