.png)
No Custom Infrastructure Required: How Checkmarx Took Its SaaS Platform On-Prem
“We have a SaaS product, and we need to bring it on-prem to customer environments that will never move to the cloud. Replicated was exactly what we needed.”
.png)
Overview
Checkmarx is an application security platform that helps organizations identify, prioritize, and remediate risk across the software development lifecycle, from code to cloud.
As Checkmarx modernized its platform with CX One, a multi-tenant SaaS architecture, the company also needed to continue supporting customers operating in highly regulated, tightly controlled environments. These customers require self-hosted, customer-managed deployments that meet strict compliance and security requirements and, in many cases, will never fully move to cloud-only delivery.
Replicated provides Checkmarx with the foundation to deliver its modern platform into those environments without rebuilding complex delivery infrastructure or diverting engineering effort away from core application security innovation.
Challenge
Checkmarx has a large base of customers operating in highly regulated, tightly controlled environments where cloud-only delivery is not an option. While many organizations are moving to cloud infrastructure, Checkmarx knew from experience that a segment of the market would never fully transition.
“There will always be a corner of the market that just never moves,” said Ken MacDonald, Distinguished Software Architect at Checkmarx. “Highly regulated, tightly compliant environments still need something that runs in their own infrastructure.”
At the same time, delivering software into customer-managed environments was becoming more complex. As Checkmarx modernized its platform with CX One and adopted Kubernetes, installation and operational complexity increased significantly.
“Kubernetes is horribly complex,” MacDonald said. “We struggled deploying and managing it ourselves.”
“Kubernetes is horribly complex. We struggled deploying and managing it ourselves.”
Checkmarx had already experienced the long-term cost of building and maintaining its own installers for on-prem deployments.
“We lived through that pain,” MacDonald said. “And we’re still living through it because that product line still exists.”
As Checkmarx looked to support customer-managed deployments of its modern platform, the team needed a way to avoid repeating those mistakes without forcing AppSec teams and CISOs to become Kubernetes experts just to run a security product.
Solution
To support customer-managed deployments of its modern platform without repeating the operational mistakes of the past, Checkmarx partnered with Replicated to handle distribution, installation, and lifecycle management.
For MacDonald, the decision ultimately came down to focus.
“This is exactly the kind of thing you should outsource,” he said. “It’s not your business domain.”
Replicated enables Checkmarx to deliver its SaaS platform into customer-controlled environments while abstracting away the complexity of Kubernetes, installation workflows, and operational edge cases. Rather than forcing customers to interact directly with infrastructure, Replicated provides an installer-like experience that feels familiar and approachable. This approach allows Checkmarx to deliver an application security platform to application security teams, without turning those teams into Kubernetes administrators.
“I want to deliver an AppSec solution to AppSec people,” MacDonald said. “I don’t want them to become DevOps or Kubernetes administrators.”
Replicated also provides the visibility and tooling Checkmarx needs to support customer-managed environments over time, without expanding internal engineering and support burden.
“Let your engineers focus on building business capabilities,” MacDonald said. “Let a professional deal with the intricacies of managing Kubernetes under the covers.”
Beyond the technology itself, the partnership mattered.
“Everyone at Replicated was responsive and worked with me,” MacDonald said. “I came in knowing this was the solution we needed, and they helped us push it forward.”
Results
With Replicated, Checkmarx established a sustainable path for delivering customer-managed deployments of its modern platform, without repeating the costly mistakes of its legacy on-prem delivery model.
As a result, Checkmarx achieved:
- Continued support for regulated and compliance-driven customers. Enabling delivery of CX One into environments that will never move to cloud-only SaaS, without compromising security or compliance requirements.
- Elimination of custom installer development and maintenance. Avoiding the long-term engineering and operational burden of building, evolving, and supporting bespoke deployment tooling.
- Reduced operational complexity for customers. Abstracting Kubernetes and infrastructure details behind a familiar, installer-like experience so AppSec teams can focus on security, not platform operations.
- Greater internal focus on core application security innovation. Allowing engineers to prioritize business-critical capabilities rather than managing distribution edge cases and deployment mechanics.
By standardizing customer-managed delivery on Replicated, Checkmarx can modernize its platform while meeting customers where they are without sacrificing focus or velocity.
”I still don't see a competitor that really steps toe to toe with Replicated.”
.svg)
.png)