Archipelo and Checkmarx today announced a technical partnership focused on correlating application vulnerability findings with development-origin context within modern software delivery workflows.
Application security platforms identify and prioritize vulnerabilities across repositories and pipelines.
These systems indicate where risk exists but typically do not capture how a change entered the codebase or what development conditions contributed to its introduction.
Modern production software is created through a combination of human developers and AI-assisted coding workflows.
During investigation and remediation, organizations increasingly need to determine which identity initiated a change, whether AI tooling participated, and what workflow conditions were present at the time of creation.
The partnership enables correlation between vulnerability findings and development-origin signals derived from software creation activity.
These signals include developer identity association, workflow metadata, and code provenance information observable during the development process.
This approach introduces development-origin context into existing application security workflows, allowing investigation processes to incorporate recorded creation evidence alongside vulnerability detection results.
Archipelo provides Developer Security Posture Management (DevSPM), a security discipline focused on observable developer actions during software creation.
Checkmarx provides application security testing and Application Security Posture Management (ASPM) for identifying and managing software risk across development pipelines.
Together, the systems allow organizations to analyze both the presence of risk and the conditions under which it was introduced.
“Vulnerability detection establishes that risk exists,” said Matthew Wise, CEO of Archipelo.
“Development context shows how the change entered the system — including the identity, actions, and AI-assisted conditions present during creation. The partnership connects these capabilities so remediation decisions are based on originating evidence rather than post-hoc reconstruction.”
“Organizations need more than vulnerability detection — they need the context required to act quickly and confidently,” said Ori Bendet, VP of Product Management at Checkmarx.
“By combining Checkmarx’s application risk insights with Archipelo’s development-origin context, security teams gain a clearer understanding of how risk enters the software lifecycle and can prioritize remediation based on operational evidence.”
The companies will present the approach in a joint webinar on March 11, 2026. Registration details are available at https://archipelo.com/webinar/archipelo+checkmarx.
Archipelo provides Developer Security Posture Management (DevSPM), focused on the software creation layer. The platform associates code changes with the developers and AI-assisted workflows that produced them across source control and CI/CD systems.
By correlating this activity with security findings, Archipelo supplies attributable origin context — identifying the identity and actions involved in how risk entered the codebase — complementing artifact- and runtime-focused security platforms.
Website: https://archipelo.com/
Checkmarx provides an enterprise application security platform that enables organizations to identify, prioritize, and remediate software risk across modern development environments.
Combining application security testing with Application Security Posture Management (ASPM), Checkmarx delivers unified visibility, contextual risk insights, and scalable governance across complex pipelines.
Global enterprises rely on Checkmarx to strengthen software security outcomes while supporting the speed of modern, AI-assisted development.
Website: https://checkmarx.com/
Marketing Manager
Stan Kapusta
Archipelo, Inc
stan@archipelo.co
The post Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM appeared first on Cyber Security News.
Director Matt Reeves has revealed the full cast for The Batman Part II, confirming several…
Looking for a powerful ebike with the speed and range to meet your ambitious needs?…
Marathon is attempting to broaden its playerbase with new offerings, such as a PVE-only mode.…
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot…
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and…
INDIANAPOLIS, Ind. (WOWO) — Richard Allen’s attorneys will get their day in court as they…
This website uses cookies.