Repositories list

• ast-jetbrains-plugin

  Public
  The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

  securityjetbrains-plugincheckmarx+ 1

  securityjetbrains-plugincheckmarxcheckmarx-ast

  Java

  •

  Apache License 2.0

  •33 forks•22 stars•11 issue•1010 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-eclipse-plugin

  Public
  The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your s…

  securityeclipse-plugincheckmarx+ 1

  securityeclipse-plugincheckmarxcheckmarx-ast

  Java

  •

  Apache License 2.0

  •1212 forks•44 stars•22 issues•55 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-cli-javascript-wrapper-runtime-cli

  Public
  Java Script Wrapper that uses the CLI by runtime Download

  cli

  cli

  TypeScript

  •1010 forks•11 star•11 issue•99 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-vscode-extension

  Public
  The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view…

  securityvscode-extensioncheckmarx+ 1

  securityvscode-extensioncheckmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •1010 forks•1919 stars•1010 issues•1818 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-azure-plugin

  Public
  The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

  securitysecurity-toolsazure-devops-extension+ 2

  securitysecurity-toolsazure-devops-extensioncheckmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •66 forks•77 stars•99 issues•1717 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-cli-java-wrapper

  Public
  Java SDK to access AST

  cli

  cli

  Java

  •

  Apache License 2.0

  •11 fork•11 star•11 issue•1515 pull requests•Updated Jun 24, 2026Jun 24, 2026

• manifest-parser

  Public
  Go

  •00 forks•00 stars•00 issues•55 pull requests•Updated Jun 24, 2026Jun 24, 2026

• ast-visual-studio-extension

  Public
  The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

  securityvisual-studio-extensioncheckmarx+ 2

  securityvisual-studio-extensioncheckmarxvisual-studio-2022checkmarx-ast

  C#

  •

  Apache License 2.0

  •66 forks•33 stars•33 issues•2626 pull requests•Updated Jun 23, 2026Jun 23, 2026

• kics

  Public
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS b…

  golangsecurityiac+ 9

  golangsecurityiacinfrastructure-as-codecloudnativeappsecvulnerability-detectionhacktoberfestvulnerability-scannerssecurity-tools+ 2

  Open Policy Agent

  •

  Apache License 2.0

  •374374 forks•2.7k2.7k stars•154154 issues•167167 pull requests•Updated Jun 22, 2026Jun 22, 2026

• ast-cli

  Public
  A CLI project wrapping application security testing (AST) APIs

  cliastcheckmarx+ 1

  cliastcheckmarxcheckmarx-ast

  Go

  •

  Apache License 2.0

  •55 forks•1010 stars•44 issues•1919 pull requests•Updated Jun 22, 2026Jun 22, 2026

• kics-github-action

  Public
  GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

  JavaScript

  •

  GNU General Public License v3.0

  •66 forks•88 stars•1515 issues•55 pull requests•Updated Jun 18, 2026Jun 18, 2026

• ast-teamcity-plugin

  Public
  The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

  securityteamcity-plugincheckmarx+ 1

  securityteamcity-plugincheckmarxcheckmarx-ast

  Java

  •

  Apache License 2.0

  •22 forks•33 stars•11 issue•1818 pull requests•Updated Jun 18, 2026Jun 18, 2026

• ast-github-action

  Public
  GitHub actions of ast scan - Keeping Infrastructure as Code Secure

  securitygithub-actionscheckmarx+ 1

  securitygithub-actionscheckmarxcheckmarx-ast

  Shell

  •

  Apache License 2.0

  •33 forks•33 stars•88 issues•11 pull request•Updated Jun 18, 2026Jun 18, 2026

• ast-cli-maven-plugin

  Public
  A Maven plugin for using the AST CLI in Maven lifecycle phases

  Java

  •

  Apache License 2.0

  •00 forks•00 stars•00 issues•1010 pull requests•Updated Jun 18, 2026Jun 18, 2026

• plugins-release-workflow

  Public
  Automates the release workflow across all components, starting with the CLI, followed by the Wrappers, and concluding with the Plugins. This streamlined process…

  00 forks•00 stars•2525 issues•00 pull requests•Updated Jun 17, 2026Jun 17, 2026

• ast-cli-javascript-wrapper

  Public
  cli

  cli

  TypeScript

  •00 forks•11 star•00 issues•1414 pull requests•Updated Jun 17, 2026Jun 17, 2026

• 2ms

  Public
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

  securitysecret-managementsecrets+ 3

  securitysecret-managementsecretsappsecsecret-keysapi-keys

  Go

  •

  Apache License 2.0

  •3333 forks•156156 stars•1010 issues•88 pull requests•Updated Jun 17, 2026Jun 17, 2026

• homebrew-ast-cli

  Public
  Ruby

  •00 forks•22 stars•11 issue•00 pull requests•Updated Jun 16, 2026Jun 16, 2026

• ci-cd-integrations

  Public
  If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

  circlecimavenbitbucket+ 6

  circlecimavenbitbucketci-cdsonarbamboo-plugincheckmarxsecurtiycheckmarx-ast

  Groovy

  •

  Apache License 2.0

  •2323 forks•1414 stars•00 issues•33 pull requests•Updated Jun 16, 2026Jun 16, 2026

• containers-resolver

  Public
  Go

  •11 fork•11 star•00 issues•22 pull requests•Updated Jun 16, 2026Jun 16, 2026

• containers-syft-packages-extractor

  Public
  Go

  •11 fork•11 star•00 issues•44 pull requests•Updated Jun 16, 2026Jun 16, 2026

• containers-types

  Public
  Go

  •00 forks•00 stars•00 issues•11 pull request•Updated Jun 16, 2026Jun 16, 2026

• harden-runner-action

  Public
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on t…

  TypeScript

  •

  Apache License 2.0

  •106106 forks•00 stars•00 issues•00 pull requests•Updated Jun 10, 2026Jun 10, 2026

• Phoenix-WebGoat

  Public
  Project with vulnerabilities for plugins team tests

  Other

  •11 fork•00 stars•00 issues•22 pull requests•Updated Jun 10, 2026Jun 10, 2026

• secret-detection

  Public
  Go

  •00 forks•11 star•00 issues•44 pull requests•Updated Jun 10, 2026Jun 10, 2026

• gen-ai-wrapper

  Public
  Go

  •

  Apache License 2.0

  •00 forks•00 stars•11 issue•66 pull requests•Updated Jun 10, 2026Jun 10, 2026

• capital

  Public
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities w…

  ctfvulnerable-web-appapisecurity

  ctfvulnerable-web-appapisecurity

  CSS

  •

  GNU Affero General Public License v3.0

  •8888 forks•332332 stars•55 issues•1313 pull requests•Updated Jun 10, 2026Jun 10, 2026

• sast-to-ast-export

  Public
  CLI tool to export data from CxSAST and import into AST CxOne

  securityapplicationast+ 1

  securityapplicationastsast

  Go

  •

  Apache License 2.0

  •88 forks•55 stars•33 issues•00 pull requests•Updated May 30, 2026May 30, 2026

• cuteboi

  Public
  This open-source project tracks CuteBoi's activity over time as there are evidence the actor is still active. All information provided here is intended for rese…

  Vue

  •55 forks•2727 stars•00 issues•00 pull requests•Updated May 30, 2026May 30, 2026

• nexus-security-plugin

  Public
  Java

  •

  Apache License 2.0

  •11 fork•22 stars•00 issues•00 pull requests•Updated May 30, 2026May 30, 2026