Checkmarx launches AI inventory for enhanced application security

Checkmarx has launched Checkmarx AI Inventory within the Checkmarx One platform, adding visibility and tracking for AI components such as models, agents, MCP servers, and libraries used in software development.

Checkmarx has introduced Checkmarx AI Inventory as part of the Checkmarx One platform. The feature extends existing AI Supply Chain Security capabilities by providing ongoing visibility into AI components used within applications, including models, agents, MCP servers, and libraries.

AI adoption in production environments is increasing quickly, while organisational governance structures are not always keeping pace. Research, including findings from MIT’s Project NANDA, indicates that many employees use personal AI tools at work. In addition, although many development teams expect to deploy AI components by 2026, a substantial proportion currently do not have formal governance processes in place to manage their use.

This gap can create challenges during audits or when responding to customer or regulatory questions about AI model usage. Traditional software tracking methods may not fully address the specific requirements of monitoring AI components.

As part of its AI Supply Chain Security offering, AI Inventory works alongside hybrid scanning engines for Code Security, Runtime Security, and Software Supply Chain Security. It identifies AI components using deterministic analysis and links them to specific files and lines of code to support traceability for audit purposes.

Through a centralised platform, teams can manage AI components across their systems. Key functions include:

  • Mapping and cataloguing AI components such as models and libraries across repositories, with updates applied on each commit
  • Applying policy controls to restrict unapproved AI components from progressing through pull requests and CI/CD pipelines
  • Generating AI-BOM documentation aligned with CycloneDX 1.7 standards for audit and assessment purposes

This inventory is designed to support tracking and documentation of AI components in line with evolving regulatory frameworks such as the EU AI Act and the NIST AI Risk Management Framework.
