Checkmarx named a Leader in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025

Checkmarx scores highest in Current Offering category across 10 evaluated vendors.

We’re proud to announce that Checkmarx has been recognized as a Leader in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025.

We believe this achievement is particularly significant: Checkmarx received the highest scores possible across 8 critical criteria and received the highest score in the Current Offering category of the vendors evaluated. Forrester assessed 10 SAST providers “that matter most” across current offering, strategy, and customer feedback.

“We believe being recognized as a Leader in the Forrester Wave for SAST reflects both our relentless customer focus and our forward-looking innovation,” said Jonathan Rende, Chief Product Officer at Checkmarx. “We believe that Forrester’s recognition of our AI investments and our roadmap underscore the value we’re delivering today while also preparing enterprises to secure the future of AI-driven development.”

Competitive map Forrester Wave™: Static Application Security Testing Solutions, Q3 2025

Why this report matters for security professionals

The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 provides critical insights for AppSec leaders, CISOs, and development leads making strategic decisions about their application security testing infrastructure.

This independent evaluation comes at a pivotal moment when organizations are grappling with the security implications of AI-assisted development and accelerated release cycles.

For security professionals, Forrester’s rigorous methodology provides an objective assessment of vendor capabilities. Choosing the right application security solution can be the difference between ensuring the ideal balance between dev speed and security, and between setting an organization’s security posture back years – impacting developer productivity, and compliance readiness. This evaluation provides the independent analysis needed to make confident decisions.

Recognized for AI-Enhanced Application Security

As AI transforms software development, organizations need SAST solutions that can secure both human-written and AI-generated code today – not in future releases.

According to the Forrester report, “Checkmarx stands out for its investment in AI.”

The evaluation further notes that, “Checkmarx’s vision is to secure modern applications. To help customers develop AI with guardrails and executive visibility, Checkmarx is developing a suite of AI agents for code creation, policies, and insights. In addition, its SAST roadmap includes support for AI programming languages and frameworks, integration with AI code generators, and LLM security.”

Experience AI-powered SAST. Get a demo now.

Why Choose an Analyst-Recognized AppSec Solution

We believe Forrester’s recognition of Checkmarx in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 reflects our strategic vision to secure modern applications and our leadership in AI-driven application security. Checkmarx believes being recognized as a leader in the SAST market positions them as the ideal partner for enterprises leveraging existing and emerging technologies in their application development.

Checkmarx’s Top Ranked Criteria

Checkmarx achieved the highest possible score of 5 across eight critical evaluation criteria, which Checkmarx believes demonstrates leadership in key areas that matter most to AppSec professionals:

Risk Prioritization – Scored 5 for superior capabilities in vulnerability prioritization, grouping fixes together, and correlating results from multiple security testing tools to help developers focus on the most critical issues.

Language and Framework Support – Achieved the top score of 5 for our exceptional breadth of programming language coverage, supporting more than 30 programming languages and 100 frameworks with transparent product support.

Modern Application Development Support – Received a top score of 5 for superior static analysis capabilities across AI applications, low-code languages, CI/CD pipeline security, and API security aligned with OWASP standards.

Policy Management – Scored 5 for advanced policy customization capabilities, centrally definable policies, and sophisticated enforcement actions across the entire software development lifecycle.

Application Portfolio Risk Management – Achieved with the highest score of 5 for superior application risk visibility, code-to-cloud correlation, and automated discovery of AI components.

AI-Powered Tools in SDLC – Received the highest score of 5 for our investment in AI-enhanced security capabilities and integration with AI development workflows.

Roadmap – Scored 5 for our strategic vision and planned innovations, including AI agents for code creation, policies, and insights.

Supporting Services and Offerings – Achieved the highest score of 5 for comprehensive customer support, professional services, and training capabilities.

We believe these scores translate to real business outcomes: faster development cycles, reduced security debt, and lower total cost of ownership for enterprise security programs.

What Sets Checkmarx Apart

Comprehensive Excellence – Checkmarx received the highest scores possible across eight diverse criteria – demonstrating, in our opinion, comprehensive excellence rather than point solutions.

AI Investment recognized – We believe our 5/5 score in “AI-powered tools in SDLC” reflects not just future promises, but current capabilities that help developers secure AI-generated code and prepare for the evolving landscape of AI-assisted development.

Enterprise-Ready Platform Integration – For us, our top 5/5 scores in Policy Management and Application Portfolio Risk Management demonstrate that Checkmarx One isn’t just a scanning tool – it’s a comprehensive platform designed for enterprise-scale governance and risk management.

Future-Proof Technology Coverage – Checkmarx believes their highest scores possible in Language and Framework Support, Modern Application Development Support, and Roadmap show that they adapt to new technologies while maintaining deep expertise across traditional and emerging development practices.

Discover What Sets Leaders Apart

For Checkmarx, its recognition as a Leader in The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 and the highest ranked vendor in the Current Offering category validates our commitment to securing the future of application development. With the highest scores possible across eight critical criteria, we’re defining the evolving threat landscape.

As organizations navigate AI-assisted development and accelerated release cycles, they need a trusted partner that combines deep SAST expertise with comprehensive platform capabilities. We believe this recognition confirms that security leaders can rely on Checkmarx to deliver cutting-edge innovation and enterprise-proven reliability.

The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025, Forrester Research, Inc., September 9, 2025

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .