San Francisco, CA, United States, March 3rd, 2026, CyberNewswire
In a significant move in the realm of software security, Archipelo and Checkmarx have forged a technical partnership aimed at enhancing application vulnerability management within modern software development workflows. This collaboration seeks to address the prevalent challenge of correlating vulnerability findings with the contextual factors surrounding software development, thereby enabling organizations to make more informed remediation decisions.
Both companies are aware that application security platforms are becoming indispensable tools for organizations. They serve to identify and prioritize vulnerabilities across software repositories and development pipelines. However, these systems often fall short in capturing essential aspects of the development process. Specifically, they do not typically include details about how a vulnerability was introduced into the codebase, nor do they account for the specific development conditions that contributed to its emergence.
In today’s software production landscape, which increasingly involves a combination of human developers and AI-assisted coding workflows, understanding the context of vulnerabilities is essential. For organizations to effectively investigate and remediate vulnerabilities, they must discern who initiated a change, whether AI tools played a role in that process, and what workflow conditions were present at the time the code was altered.
The partnership between Archipelo and Checkmarx promises to bridge this gap by correlating vulnerability findings with critical development-origin signals, derived from the activity during software creation. These signals include details such as the identity of the developer associated with code changes, workflow metadata, and insights into code provenance—information that is critical for understanding the context of security vulnerabilities.
This innovative approach introduces a form of development-origin context into existing application security workflows. For instance, during the investigation and remediation phases, security teams can enrich their analyses with evidence that documents how vulnerabilities were introduced, rather than relying solely on post-hoc assumptions.
Archipelo is known for its Developer Security Posture Management (DevSPM) solution, which emphasizes the tracking of developer actions during the software creation process. On the other hand, Checkmarx specializes in application security testing and Application Security Posture Management (ASPM), which aids organizations in identifying and managing software risks throughout their development pipelines.
The combination of these two systems offers unique advantages. Organizations can not only assess the presence of vulnerabilities but also understand the circumstances surrounding their introduction. As Matthew Wise, CEO of Archipelo, articulated, “Vulnerability detection establishes that risk exists. Development context shows how the change entered the system—encompassing who was responsible, what actions they took, and the AI-assisted conditions that were prevalent during its creation.”
Moreover, Ori Bendet, VP of Product Management at Checkmarx, emphasized the necessity for organizations to garner more than just vulnerability detection. He stated, “They need the context required to act quickly and confidently.” By fusing Checkmarx’s capabilities in application risk insights with Archipelo’s focus on development-origin context, security teams are empowered to gain a clearer and more actionable understanding of how risks infiltrate the software lifecycle. This, in turn, allows for prioritization of remediation efforts based on solid operational evidence.
To further share their insights and methodologies, Archipelo and Checkmarx are scheduled to present their approach in a joint webinar on March 11, 2026. Interested parties can find registration details on the Archipelo website.
About Archipelo
Archipelo is dedicated to Developer Security Posture Management (DevSPM), concentrating on the software creation phase. The platform not only identifies code changes but also links them to the developers and AI-assisted workflows responsible, traversing both source control and CI/CD systems. By correlating this activity with security findings, Archipelo provides attributable origin context, shedding light on the identity and actions that led to risks being integrated into the codebase.
About Checkmarx
Checkmarx stands out as an enterprise application security platform that empowers organizations to pinpoint, prioritize, and remedy software risks across modern development environments. By amalgamating application security testing with Application Security Posture Management (ASPM), Checkmarx offers unified visibility, contextual risk insights, and scalable governance, enabling global enterprises to fortify their software security outcomes while keeping pace with rapid, AI-enhanced development.
For further inquiries, interested parties may contact Stan Kapusta, Marketing Manager of Archipelo, at [email protected]