Overview
Codebashing is a secure code training platform developers actually enjoy! Engaging, effective, and fun, Codebashing empowers developers to write secure code quickly with bite-sized, gamified lessons (5 minutes) that allow them to wear the hacker's hat.
With Codebashing, companies can raise the baseline security knowledge across the entire development team in a fast, scalable, and positive way, preparing developers for the long term by teaching them how to think and act with a secure mindset. Security managers can create and sustain an open channel of communication, keeping developers up to date on the latest vulnerability news and activities. Managers have full control and visibility: they can easily assign specific programming language courses to their team and continuously track their progress. Managers can also engage their developers in tournaments and other events, fostering learning through friendly competition.
Its just-in-time training approach educates developers on the specific challenges they are facing, as they are facing them. From spotting the latest vulnerabilities to acting on them and defending their code, with Codebashing they only have to code once.
A Checkmarx company, leaders in application security for 15 years, Codebashing has security in its DNA. Built by the best security developers, for developers that want to be the best, Codebashing is the preferred developer security training solution for next-generation developers.
Highlights
- Write secure code, faster - identify common vulnerabilities and their fixes right when you need them
- No more boring training - our super snackable lessons are fun and fit into your daily routine
- Just-in-time training that integrates with Checkmarx SAST, where you can automatically link to relevant Codebashing lessons
Pricing
Dimension | Description | Cost/12 months |
---|---|---|
x 50 Users | Price per 50 users | $18,000.00 |
x 100 Users | Price per 100 users | $36,000.00 |
x 250 Users | Price per 250 users | $90,000.00 |
Vendor refund policy
No refunds
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Checkmarx technical support, online support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Developers have improved vulnerability awareness but require more customizable training options
What is our primary use case?
I have used SonarQube as a community product for static application security testing as well as quality gate checking for the organization. Now I have retired the community edition of SonarQube and I am currently working with Checkmarx for a proper solution.
In my current license configuration, I have Codebashing, secret scanning, and SAST.
Codebashing is solely purposed for training our developers regarding the vulnerabilities we have, and it has seamless integration within Checkmarx. I am running a security champions program which leverages the Codebashing platform itself.
How has it helped my organization?
Codebashing serves as a baseline for developers, though not many advanced techniques are available. In the tournament phases, it mostly resembles a Kahoot tournament, so having more CTF capabilities within the platform would be beneficial.
The statistics are really good for the developers after we deployed Codebashing. When people do not know anything regarding a vulnerability, they can gain a basic idea of what that vulnerability is and how they can mitigate things. There are some lacking vulnerabilities in the Codebashing platform itself, making it both advantageous and disadvantageous.
What is most valuable?
The best features of Codebashing are the skill trees and the way I can impose trainings for the developers, which is highly effective.
What needs improvement?
It would be beneficial for the Codebashing platform if we were able to quickly customize the questionnaires. Currently, we have to work with predefined questionnaires or utilize another language to create quizzes. I would prefer having a GUI for that aspect so I can provide tailor-made questionnaires for the developers, allowing me to utilize the Codebashing platform entirely instead of depending on other solutions.
For how long have I used the solution?
I have two years of experience with Checkmarx.
How are customer service and support?
With the Codebashing solution, we had a couple of complications, such as account configuration issues. Because we are currently in the initial stages, the support is really good, but we have to wait and see.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Initially, we had Contrast Security, and comparing with that, the coverage against the cost shows that Checkmarx is doing a good job.
How was the initial setup?
Codebashing and Checkmarx SAST are really easy to set up; it is a matter of figuring out the SSO configuration from our end. The rest of the things are currently using the SaaS solution provided by Checkmarx, so the initial setup phase is straightforward.
Scanning the entire organization takes time, which was one of the challenges we faced during the initial phase. To overcome such issues, we had to write scripts as workarounds.
What was our ROI?
With Codebashing we can see a clear difference; the vulnerability fixing ratio became 160% per month, and the density counts started reducing after implementation.
Which other solutions did I evaluate?
Based on the coverage we receive when comparing it with the IAS tool and the options we receive, such as ID integrations and direct impact on pull push requests, the pricing is much lower than IAS.
What other advice do I have?
I am not familiar with Codebashing's update frequency. We bought it through an agent. On a scale of 1-10, I rate this solution a 7.
Fabulous
An all-in-one secure training platform for developers and IT professionals
Has good stability and availability of comprehensive documentation
What is our primary use case?
We have been using the product for code-scanning purposes.
What is most valuable?
The platform is simple, easy to use, and easy to learn. It has comprehensive guidelines and a lot of documents and videos for an easy installation process. Apart from some default rules, it allows users to configure their own rules. Also, it is easy to configure as it has an extensive library for reference.
What needs improvement?
The product's pricing could be more flexible. At present, we have to buy an entire instance. Instead, they could introduce a pricing model based on specific requirements.
For how long have I used the solution?
We have been using Codebashing for three to four years.
What do I think about the stability of the solution?
The platform has good stability.
What do I think about the scalability of the solution?
Codebashing's cloud version might be more scalable than the on-premise version.
How was the initial setup?
The initial setup process is easy. It takes little time to complete for new users as well. However, it might take time if the infrastructure still needs to be implemented.
What other advice do I have?
Sometimes, Codebashing provides reports with false positives. Thus, I advise others not to rely on the reports and to do a thorough analysis. They may need to change a few configurations. Configuring your own rules is better than going for a default configuration.
I rate it an eight out of ten.