Case Study: Pismo achieves faster remediation SLAs and eliminates high/medium‑risk vulnerabilities with Checkmarx

Pismo Secures Its Software Development Pipeline With Checkmarx

Pismo is a cloud-native platform that provides APIs and back‑end infrastructure for banks, fintechs, and other companies to run digital banking and payments. Facing the need to “shift left” on security, the company created a Red Team/DevSecOps function to improve AppSec processes, adopt scalable developer‑friendly tools, and enforce early detection and remediation of vulnerabilities across its repos.

Pismo selected Checkmarx SAST and SCA (deployed with partner NOVA8), integrating scans with bug tracking and automating ticketing and pipeline blocking in a phased rollout. The solution drove strong developer adoption, cut the SAST remediation SLA to 14 days, eliminated high‑ and medium‑risk vulnerabilities, reduced unpatched issues, and produced executive‑facing metrics demonstrating clear risk reduction and ROI.

Pismo

Ubirajara Aguiar Jr.

Tech Lead, Red Team