Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM

The rapid adoption of AI‑assisted coding tools has reshaped software delivery, but it also introduces new layers of risk that traditional application security platforms struggle to surface. While static and dynamic scanning can flag vulnerable code, they rarely reveal the human or machine actions that introduced the flaw. Developers and security teams now demand granular provenance data—who authored a change, which AI model suggested it, and under what pipeline conditions—to make informed risk decisions.

Archipelo’s DevSPM technology captures these creation‑time signals across source‑control and CI/CD environments, mapping each code commit to its originating identity and tooling. Checkmarx’s ASPM layer, meanwhile, aggregates vulnerability findings and prioritizes remediation across the entire application portfolio. By integrating the two, the partnership delivers a unified view where each security alert is enriched with actionable context, allowing teams to pinpoint the exact change, the responsible developer, and any AI assistance involved. This correlation reduces the time spent on forensic analysis and enables remediation strategies that target root causes rather than symptoms.

For enterprises racing to maintain velocity while safeguarding code, the combined solution offers a strategic advantage. It aligns with emerging governance frameworks that emphasize traceability and accountability in AI‑driven development. The upcoming March 11 webinar will provide a deep dive into implementation best practices, showcasing real‑world use cases and ROI metrics. As regulatory scrutiny intensifies around AI‑generated code, partnerships like Archipelo‑Checkmarx set a precedent for embedding provenance into the core of modern AppSec ecosystems.