Checkmarx Developer Assist
[ Security Where Developers Build: In The IDE ]
Agentic Application Security linter that remediates risk before commit.
Available On
Cursor
Windsurf
VS Code
Kiro IDE
How It Works
Pre- and post-commit remediation.
Checkmarx Developer Assist analyzes AI-generated code instantly in your IDE, catching insecure patterns before they ever reach the repo. It helps keep AI-introduced risks and other flaws out of your codebase.
Checkmarx Developer Assist
Your Agentic AI-Powered Platform
The Checkmarx Developer Assist agent delivers context-aware guidance to stop vulnerabilities before they enter the developer's pipeline. As developers write new AI-powered code or refine existing code, Developer Assist keeps your IDE the safest place to build.
Built for Devs
Available right in the IDE.
Secure as You Code
Refactor safely. Zero pipeline breaks.
Code With Agents
Securely, continuously, autonomously.
Why Checkmarx
Secure Generated Code in Real Time

AI Accelerates Development, Risk Accumulates.
AI changes how code is written. Checkmarx Assist changes how it’s secured.

AI-Generated Code Is a Prime Target.
Attackers adapt to AI output. Checkmarx Assist validates and guides fixes.

Shifting Code Security Left Is Non-Negotiable.
Code moves fast. Checkmarx Assist secures it as it’s written.
Pricing
Pricing That Scales With You
Explore
Free Trial
Includes
- Get full Checkmarx Developer Assist access for 1 month
- Secure generated code in real time
- Pre-commit remediation
- Supported across Cursor, Windsurf, VS Code, and AWS Kiro
Purchase
$25/month/user
Includes
- Runs natively in your preferred AI-powered IDE
- Real-time explainable fixes delivered directly in the IDE
- Safe Refactor with verified, non-breaking fixes at scale
- Dual-mode remediation, pre- and post-commit
Frequently Asked Questions
What is Checkmarx Developer Assist?
Checkmarx Developer Assist is an IDE-native security assistant that helps developers identify and fix security issues as they write code. It scans code in real time, including AI-generated code, and provides actionable guidance directly in the IDE, without waiting for CI/CD or external scans.
How does Checkmarx Developer Assist work inside my IDE?
Developer Assist runs directly within your IDE and analyzes code as it’s written, modified, or refactored. When a potential issue is detected, it surfaces inline feedback with context on why it matters and how to fix it, so you can address problems immediately without switching tools or breaking flow.
Will Checkmarx Developer Assist slow down my development workflow?
No. Developer Assist is designed to be lightweight and unobtrusive. It provides fast, incremental analysis and only surfaces relevant findings, so developers get meaningful feedback without excessive noise or performance impact.
Does Checkmarx Developer Assist help me fix issues, or just flag them?
Developer Assist goes beyond detection. It provides pre- and post-commit remediation and safe refactoring suggestions to help you resolve issues without introducing breaking changes. The goal is to fix problems early, confidently, and correctly, before they ever reach a commit or pipeline.
What types of security issues does Checkmarx Developer Assist detect?
Developer Assist identifies security issues across multiple domains, including application security vulnerabilities detected through SAST, risks introduced by open source and malicious packages, exposed secrets and credentials, Infrastructure as Code (IaC) misconfigurations, and container-related security issues. This analysis applies to both human-written code and AI-generated code, ensuring consistent protection regardless of how the code is created.
What information is shared with Checkmarx or AI models when I use Checkmarx Developer Assist?
Developer Assist is designed to minimize data sharing and keep source code inside your environment. Source code, secrets, and proprietary application data never leave the IDE. Only limited metadata, such as package name, package version, package manager, and vulnerability identifiers, is transmitted to Checkmarx services when enrichment or remediation data is required. AI-generated code changes are created locally by your IDE’s existing AI assistant, and all recommendations are reviewable, optional, and auditable. Checkmarx does not train AI models on customer data, and any optional fallback AI usage is restricted to open-source package metadata only.