Checkmarx brings IDE-native security checks to Kiro
Checkmarx has added IDE-native support for Kiro to its Developer Assist product, extending its application security analysis into an AI-focused development environment.
The update brings security findings into the IDE as developers write code. Because issues surface earlier, the update is positioned as reducing reliance on later-stage CI/CD scanning.
Developer Assist runs through the official Checkmarx IDE extension. After authentication, developers can enable it in Kiro with minimal setup. Support for additional workflows, including command-line interfaces, is planned.
Once enabled, Developer Assist analyses source code and dependencies in the active workspace and automatically applies existing Checkmarx One policies. The integration is designed to work without Kiro-specific configuration, proprietary APIs, or experimental integrations.
Security In The IDE
The integration addresses the security implications of faster development cycles and the wider use of AI-assisted coding tools. As release frequency increases, vulnerabilities can be introduced more frequently and earlier in the software lifecycle. Security tooling has often relied on late-pipeline scans, which pushes fixes to later stages and increases rework.
With IDE-native analysis, findings appear directly in the IDE where developers work. The IDE view includes contextual remediation details, making it easier to fix issues before code is committed rather than after a build completes or during code review.
The IDE experience also connects to the Checkmarx One platform. Findings identified in the IDE are reflected in Checkmarx One, giving application security and engineering leaders a consolidated view of risk across projects and teams. This setup links developer workflows with central policy management and reporting.
Jonathan Rende, Chief Product Officer at Checkmarx, described the update as a response to the pace of AI-driven development environments.
"With AI-driven development environments like Kiro, security must operate at developer speed. Developer Assist brings agentic, policy-driven security insight directly into the IDE, helping developers understand real risk in real time while giving AppSec teams centralized visibility and control through Checkmarx One. With the Kiro agent powered by Checkmarx, developers can eliminate up to 90% of security rework before code is committed."
How It Fits
Checkmarx positions Developer Assist as part of a broader shift toward what it calls "agentic application security". In practical terms, that approach emphasises automated analysis that runs close to where code is written, rather than relying solely on downstream checks. The Kiro integration extends that model to an IDE designed for AI-assisted coding.
The product is framed around early prevention rather than after-the-fact detection. By applying Checkmarx One policies in the developer workspace, the approach aims to keep rules consistent across teams and move feedback closer to the moment code is written.
This integration also reflects a broader pattern in application security. Developer-facing tools increasingly compete on how seamlessly they fit into common IDE workflows and how quickly they provide actionable feedback. At the same time, AppSec teams typically want central control over policies and reporting across a growing number of repositories and services.
Platform Context
Checkmarx One is the company's platform for managing application security across the software development lifecycle. Checkmarx says it scans trillions of lines of code each year for customers and reduces vulnerability density by more than half. It describes its coverage as spanning legacy code, modern application stacks, and AI-generated code.
Kiro support aligns with Checkmarx's strategy of extending security checks to the tools developers use most. Developer Assist is available across multiple IDEs, includes a free trial, and is expected to expand to additional workflows alongside continued IDE integration.