Checkmarx Developer Assist is an IDE-native security assistant that helps developers identify and fix security issues as they write code. It scans code in real time, including AI-generated code, and provides actionable guidance directly in the IDE, without waiting for CI/CD or external scans.

Developer Assist runs directly within your IDE and analyzes code as it’s written, modified, or refactored. When a potential issue is detected, it surfaces inline feedback with context on why it matters and how to fix it, so you can address problems immediately without switching tools or breaking flow.

No. Developer Assist is designed to be lightweight and unobtrusive. It provides fast, incremental analysis and only surfaces relevant findings, so developers get meaningful feedback without excessive noise or performance impact.

Developer Assist goes beyond detection. It provides pre and post-commit remediation and safe refactoring suggestions to help you resolve issues without introducing breaking changes. The goal is to fix problems early, confidently, and correctly, before they ever reach a commit or pipeline.

Developer Assist identifies security issues across multiple domains, including application security vulnerabilities detected through SAST, risks introduced by open source and malicious packages, exposed secrets and credentials, Infrastructure as Code (IaC) misconfigurations, and container-related security issues. This analysis applies to both human-written code and AI-generated code, ensuring consistent protection regardless of how the code is created.

To get started, you need a supported IDE with an existing AI coding assistant enabled, such as GitHub Copilot in VS Code or native agents in Cursor, Windsurf, or AWS Kiro. For AI-powered remediation, Developer Assist connects to Checkmarx remediation intelligence through the Model Context Protocol (MCP). MCP setup is simple and takes only a single configuration step. Once connected, your IDE gains secure access to Checkmarx AppSec knowledge for real-time guidance and verified fixes, without changing your workflow.

Developer Assist is designed to minimize data sharing and keep source code inside your environment. Source code, secrets, and proprietary application data never leave the IDE. Only limited metadata, such as package name, package version, package manager, and vulnerability identifiers, are transmitted to Checkmarx services when enrichment or remediation data is required. AI-generated code changes are created locally by your IDE’s existing AI assistant, and all recommendations are reviewable, optional, and auditable. Checkmarx does not train AI models on customer data, and any optional fallback AI usage is restricted to open-source package metadata only.