Checkmarx

Checkmarx is an enterprise application security company specializing in static application security testing (SAST) headquartered in Atlanta, Georgia in the United States.^[1] It has over 900 employees.^[1]

Checkmarx

Company type	Private
Industry	Software Security, Application security
Founded	2006
Founder	Maty Siman (CTO), Emmanuel Benzaquen (Former CEO)
Headquarters	Atlanta, Georgia, US
Key people	Sandeep Johri (CEO)
Website	checkmarx.com

Background

Before founding Checkmarx, Maty Siman worked in the Mamram unit of the Israeli Defense Forces (IDF) and later in the Matzov unit. Then he worked a two years term until February 2006 as an advisor at the Israeli Prime Minister's Office.^[2]

History

Checkmarx was founded in 2006 by Maty Siman and Emmanuel Benzaquen.^[3][1]

In 2017, Checkmarx acquired Codebashing to add AppSec training.^[4] The following year, it acquired Custodela, DevSecOps consulting firm.^[5][6]

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, a software that detects backdoors and malicious attacks in the software supply chain.^[7][8]

In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.'^[9]

Research

Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks:

• In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance.^[10]
• In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data.^[11]
• In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data.^[12]
• In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws.^[13]
• In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps.^[14]

Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique,^[15] alongside broader supply-chain findings in public repositories.^[16] Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools.^[17]

Funding

Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange.^[18][19][20] In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million.^[20][1][3]

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG,^[21] acquired Checkmarx for $1.15 billion.^[1][3][22] After the acquisition, Insight Partners retained a minority interest in the company.^[1][23]

See also

• Security testing