Archipelo and Checkmarx Partner to Connect AppSec Detection with Development-Origin Context

Archipelo and Checkmarx have announced a new technical partnership aimed at bridging a critical gap in modern application security. As software delivery workflows become increasingly complex, organizations are demanding deeper visibility not only into where vulnerabilities exist, but also into how they were introduced. Through this collaboration, the two companies will correlate application vulnerability findings with development-origin context, bringing greater clarity and accountability to security investigations.

Today’s application security platforms effectively scan repositories and CI/CD pipelines to detect and prioritize vulnerabilities. However, while these tools highlight where risk is present, they often fail to explain how a specific change entered the codebase or what development conditions contributed to its creation. Consequently, security teams are left reconstructing events after the fact, which slows down remediation and creates uncertainty in high-pressure response scenarios.

Cyber Technology Insights: Armis Launches Centrix for Unified AI-Driven Application Security

Modern software production further complicates this landscape. Development now involves both human programmers and AI-assisted coding tools, which accelerate output but also introduce new variables into the creation process. Therefore, when vulnerabilities surface, organizations must determine which identity initiated the change, whether AI tooling played a role, and what workflow conditions existed at the time. Without this context, security teams may struggle to assess root causes accurately.

The Archipelo–Checkmarx partnership directly addresses this challenge by enabling correlation between vulnerability detection results and development-origin signals captured during software creation. These signals include developer identity association, workflow metadata, and code provenance information. By integrating this contextual evidence into existing application security workflows, the joint solution allows investigation teams to analyze not just the vulnerability itself, but also the circumstances surrounding its introduction.

Archipelo specializes in Developer Security Posture Management (DevSPM), a security discipline focused on observing and analyzing developer actions throughout the software creation process. Meanwhile, Checkmarx delivers comprehensive application security testing and Application Security Posture Management (ASPM), helping organizations identify and manage risk across development pipelines. Together, their technologies create a more holistic security model one that examines both the presence of risk and the operational conditions under which it emerged.

“Vulnerability detection establishes that risk exists,” said Matthew Wise, CEO of Archipelo. “Development context shows how the change entered the system including the identity, actions, and AI-assisted conditions present during creation. The partnership connects these capabilities so remediation decisions are based on originating evidence rather than post-hoc reconstruction.”

Cyber Technology Insights: F5 NGINXaaS for Google Cloud Advances Cloud-Native Application Delivery and Security

By embedding development-origin context into security workflows, organizations can move from reactive investigation to evidence-based remediation. This approach not only accelerates response times but also enhances governance, compliance tracking, and accountability across engineering teams.

“Organizations need more than vulnerability detection they need the context required to act quickly and confidently,” said Ori Bendet, VP of Product Management at Checkmarx. “By combining Checkmarx’s application risk insights with Archipelo’s development-origin context, security teams gain a clearer understanding of how risk enters the software lifecycle and can prioritize remediation based on operational evidence.”

Ultimately, this partnership reflects a broader shift in cybersecurity strategy. As AI-assisted development grows and software supply chains expand, security leaders must adopt tools that connect detection with traceability. By aligning AppSec intelligence with development-origin insights, Archipelo and Checkmarx are helping organizations strengthen transparency, improve decision-making, and secure modern software ecosystems more effectively.

Cyber Technology Insights: Oligo Extends Runtime Protection Platform to Secure AI Applications, Models, and Agentic Systems

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com

Tags: Application security, application vulnerability, Archipelo, Checkmarx, software supply chains, vulnerability detection

CyberTech Staff Writer

CyberTech Staff Writer is a seasoned cybersecurity expert and analyst with over 20 years of experience in IT security and networking. Passionate about safeguarding digital landscapes, they specialize in identifying, assessing, and reporting cyber threats and best practices to help enterprises prevent and recover from cyber disasters. Their expertise covers cloud security, application security, ransomware assessment, threat intelligence, incident response, Zero Trust Network Access (ZTNA), and more. As a recognized thought leader in the cybersecurity community, the CyberTech Staff Writer collaborates to deliver insightful, actionable content that empowers organizations to build strong, proactive defenses against evolving cyber threats.