Checkmarx - Codebashing

Checkmarx is the global leader in software security solutions for modern enterprise software development.

The Summary

Codescrum scaled the online training platform called Checkmarx Codebashing from the minimum viable product to a global leading product over 4 years, helping to generate total value for the investors in excess of 1 billion dollars.


To solve the technical challenges to scale a minimum viable product into a global leading product.



To work with dedication and ingenuity, initially with the founders, and subsequently with the product owners as part of the Codebashing team being responsible for the technical delivery of the product.



Built the backend product that secured Codebashing as a leader in the market and that became one of the four core products that helped Checkmarx achieve an exit for 1.5 billion USD.

Codescrum team was an integral part of Codebashing journey, right from its beginning as a small product with a handful of customers, to an enterprise grade product serving hundreds of customers.
In spite of the different geographical location, it was very easy to work with the team: the communication was very open and transparent, the team was always very responsive and attentive to our objectives and needs.
In general the team demonstrated high responsibility and ownership on the product: raising flags when needed, addressing high priority issues on time, asking the right questions to make sure that the features were defined correctly and putting the required effort in understanding the business model and come up with ideas and solutions.
Technically speaking, the Codescrum team is very professional and skilled, and were able to deliver their tasks as committed, on time and with high quality.

Sharon Uda

Head of Codebashing

The Challenge

To scale the online training platform called Checkmarx Codebashing from the minimum viable product to a global leading product over 4 years, helping to generate total value for the investors in excess of 1 billion dollars.

The Start of a Successful Partnership

In the Summer of 2016, Gyan Chawdhary and John Yeo, founders of Codebashing, selected Codescrum to help them make their software product robust and scalable.

Gyan was impressed by the engineering focus and attention to detail of Codescrum that set it apart from other larger agencies where multiple levels of management were in the way of rapid product development.

Checkmarx is trusted by more than 40 percent of the Fortune 100 and half of the Fortune 50, including leading organizations such as SAP, Samsung and

Key Challenges for Global Scale

During nearly four years Codescrum developed the backend product from an initial minimum viable product pre-revenue to a global product used by millions of developers worldwide.

Some of the key challenges solved by Codescrum were:

  • Initial Automation of Content Generation Management.

  • Scaling and Securing the Platform for New Clients.

  • Gamification of the Platform.

  • Integration with Client’s Authentication Solutions.

  • Decoupling of Content Generation.

  • Custom Client Integrations for Key Customers.

  • Team Management and Team Reporting Features.

Initial Automation of Content Generation Management.

At the very beginning of our involvement, the platform required repeated coding for the introduction of content into the platform, making it difficult to introduce new courses and learning modules.

Our first task was to organize the project and make it capable of working with less manual overhead for adding new courses, including the fact that upon introduction, these new contents would need to go into the customer's analytics dashboards for tracking.

Scaling and Securing the Platform for New Clients

In its first stages, the platform required to be deployed independently for every customer in environments with single machines. This meant that onboarding customers was extremely time-consuming due to the manual tasks involved in putting the system to work for each customer.

One of the most decisive tasks for scaling this product was to make it possible for the platform to onboard customers into a single unified multi-tenant service which wouldn't require creating any servers by hand.

We were able to architect the solution to use a handful of nodes instead of requiring dozens of servers maximizing the use of computing resources on AWS, while keeping the data completely separate into many different databases, with a centralized customer management application which we also custom-built for our client.

Customizing and turning features on/off was also introduced for incremental rollouts of new versions as well as to adapt to particular use cases for different types of enterprise customers.

Gamification of the Platform

It was very important for our stakeholders to keep customers and their developers engaged with the product in order to make training an enjoyable experience while complying with internal security procedures. Rankings, badges, reminders and challenges were decisive features of the product to set it apart from typical security training and other compliance solutions available.

Integration with Client’s Authentication Solutions

Another key feature for enterprise customers was custom authentication. As customers grew in size, it became unmanageable for them to even bulk-invite them to use the product, so we also built a customizable SSO feature for customers to use their own (such as Okta, OneLogin, etc.), in this way they would automatically feed their users into the application, such that they could choose to use regular invites or SAML/ADFS.

Separation of Content Generation

As the needs of our customers became more complex, a content management system was designed and implemented to fulfill the requirements of a newly introduced team that would focus on the content generation aspect of the platform. We worked remotely with this team to support the new content generation workflow adopted by our customer.

Custom Client Integrations for Key Customers

Integrations for very large clients were also tailor-made depending on the client's specific requirements, being integrated with LMS systems or requiring specific API endpoints to connect their systems. Supporting special custom content was also within the capabilities of the system.

Team Management and Team Reporting Features

Near the end of our involvement, we built team management and e-learning tracking features which validated the actual learning and competences of the developers trained by the platform.


Product Success and the Multiple Acquisitions

The Codebashing platform was successful very quickly and gained prominent clients rapidly. The support from Codescrum was essential to maintain the success and increase the company valuation multiple times.

On July 24, 2017 [1][2], Codebashing was acquired by Checkmarx for between 5 and 10 million USD, and from this point Codescrum built a considerable amount of features, most of them geared towards client administrators to be able to onboard, organize, engage and evaluate progress and compliance of their developers through online security courses.

On March 15, 2020 [3], Hellman & Friedman acquired Checkmarx at a $1.15 billion USD and Codescrum provided documentation and executed a handover of the Codebashing product to Checkmarx.


[1] Israel’s Checkmarx Acquires UK’s ‘Codebashing’

[2] Checkmarx snaps up Codebashing to boost secure coding development

[3] Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B

Client Location

London, UK, Tel-Aviv, Israel.


3 codescrumers


July, 2016 - April, 2020

Technologies & Integrations

Ruby/Rails, SAML (Okta, OneLogin, and others), AWS (EC2, ECS, Route53).

The support from Codescrum was essential to maintain the success and increase the company valuation multiple times.

How can we help you?

By submitting your contact information you agree to our  Codescrum Privacy Policy