Checkmarx Expands Auto-Remediation with New Mobb Integration for SAST
November 2023 by Marc Jacob
Checkmarx announced an integration with Mobb, the trusted automated vulnerability fixer, to streamline application security testing and remediation within familiar developer workflows. Checkmarx customers can now deploy Mobb’s auto-remediation solution for vulnerabilities identified during scans with Checkmarx SAST. This new capability represents an expansion of Checkmarx’ auto-remediation offerings for SCA (software composition analysis) and IaC (infrastructure-as-code) Security.
The Mobb integration with Checkmarx significantly reduces time-to-remediation from nearly five hours to five minutes, on average, simplifying the process in two primary ways:
• Checkmarx’ industry-leading SAST solution is highly tuned for accuracy and prioritises findings to minimise the noise that enters the development workflow. Developers can trust that alerts are genuinely exploitable problems and be guided to fix the most critical vulnerabilities first.
• Mobb’s AI engine leverages heuristics to perform auto-remediation of vulnerabilities identified by Checkmarx in just a few clicks. Developers are freed from reviewing scan reports to search for fixes and fix locations, allowing them to focus on innovation.
Mobb reduces time-to-remediation by 99% on average. With this new integration the workflow is simplified and, when embedded in the SDLC, typically looks like this:
• A developer commits code changes to the organisation’s code hosting platform.
• A Checkmarx SAST scan is automatically initiated in the appropriate phase of the SDLC.
• Mobb analyses the reported vulnerabilities and the developer’s source code for essential contextual information on how the error was created.
• Mobb then incorporates the additional context and proposes a fix, presenting it side-by-side with the vulnerable code.
• The developer approves and commits the fix.
• Checkmarx then scans to verify that the fix is effective.
Key features of the integration include the ability to scan with Checkmarx through Mobb CLI and the ability of users to retrieve their applications managed in Checkmarx One directly into Mobb without having to import or configure each of them individually.