Why Kiro and IDE-Native AppSec Matter 

New IDEs don’t change how developers think about security, they change how fast security problems appear. 

AWS Kiro is gaining attention because it fits neatly into modern development workflows: fast feedback, AI-assisted coding, and a familiar Visual Studio Code–based experience. But as with any productivity-focused IDE, increased speed also means increased risk. Code is written faster, dependencies are introduced more often, and vulnerabilities surface earlier in the lifecycle. 

That puts pressure on security tooling to meet developers where they already work. 

For developers and software builders  the requirement is straightforward: 
security controls must function inside the IDE, not downstream in CI/CD pipelines or external dashboards. Developers should be able to identify issues as code is written, understand the impact, and move forward without context switching. 

The good news is that adopting a new IDE like Kiro does not require rethinking your security tooling from scratch. If an IDE is built on VS Code foundations, existing IDE-native security workflows can carry over with minimal friction. 

This post walks through how to use Checkmarx inside AWS Kiro today, covering installation, configuration, and running real security scans directly in the IDE without relying on proprietary APIs, special agent commands, or experimental integrations. 

Installing the Checkmarx One Assist in Kiro 

Checkmarx One Assist is delivered to developers through the Checkmarx IDE extension, which can be installed directly in AWS Kiro. 

From within the Kiro IDE, open the Extensions view and search for Checkmarx. Install the official Checkmarx extension, which enables Checkmarx One Assist capabilities inside the editor. The same extension is used across supported VS Code based IDEs, allowing developers to bring Assist into their existing workflows without additional setup. 

After installation, the extension prompts you to authenticate and connect to your Checkmarx One environment. Once authenticated, Checkmarx One Assist becomes active for the open workspace, using your existing tenant configuration and security policies. 

No Kiro specific configuration is required. Assist operates within the IDE, analyzing the code and dependencies in your active project and providing security insight directly where development happens. 

With the extension installed and connected, Checkmarx One Assist is ready to support secure development inside Kiro. 

 
Getting Checkmarx One Assist Ready in Your Workspace 

Once the Checkmarx extension is installed, getting started with Checkmarx One Assist in Kiro is intentionally simple. 

After signing in to your Checkmarx One environment, the extension uses the open workspace in Kiro as the context for analysis. There is no need for developers to manually create or configure projects inside the IDE. Checkmarx One Assist analyzes the source code and dependencies present in the workspace and applies your organization’s existing security policies automatically. 

Security rules, thresholds, and policy logic are inherited from Checkmarx One, so developers do not need to manage or customize security settings locally. This keeps the experience lightweight while ensuring that the guidance provided by Assist aligns with how your organization defines risk. 

With authentication complete and a workspace open, Checkmarx One Assist is ready to provide security insight as developers write and review code in Kiro. 

Using Checkmarx One Assist During Development in Kiro 

With Checkmarx One Assist active in the workspace, security analysis becomes part of the normal development flow inside Kiro. 

As developers write or review code, Assist analyzes the source files and dependencies in the open workspace and surfaces security findings directly in the IDE. These insights are presented with context, including severity and location, helping developers understand potential risk without leaving their editor. 

Rather than acting as a separate security step, Assist supports developers as they work, highlighting issues early and reducing the likelihood of discovering problems later in the pipeline. Because the analysis is based on the current state of the workspace, the feedback developers receive is directly tied to the code they are editing. 

Checkmarx One Assist focuses on visibility and understanding. It helps developers identify insecure patterns and vulnerable dependencies as they appear, using the same policies and rules defined in Checkmarx One. This ensures that the guidance provided in Kiro reflects organizational standards without requiring developers to manage security settings themselves. 

By bringing security insight directly into the IDE, Checkmarx One Assist enables teams to move quickly while maintaining confidence in the code they are producing. 

Reviewing Assist Insights in Checkmarx One 

While Checkmarx One Assist delivers security insight directly in Kiro, the same findings are also available in Checkmarx One for broader visibility and coordination. 

As analysis runs against the code in the developer workspace, results are reflected in Checkmarx One, where AppSec and engineering teams can review findings across projects and contributors. This provides a centralized view of security risk without requiring developers to change how they work in the IDE. 

Checkmarx One preserves the context surfaced by Assist, including severity and vulnerability details, making it easier for teams to track patterns, understand risk trends, and align remediation efforts across the organization. Developers see issues as they write code, while security teams gain visibility into what is happening across repositories and teams. 

This shared visibility helps bridge the gap between development and security. Developers receive timely feedback inside Kiro, and AppSec teams retain the governance and reporting capabilities they need, all grounded in the same policies and analysis logic. 

By combining IDE level insight with platform level visibility, Checkmarx One Assist supports secure development without fragmenting workflows or forcing teams into separate tools. 

Bringing Security Into AI-Assisted Development with Kiro 

AI-assisted IDEs like Kiro are changing how developers write code. Faster iteration, smarter suggestions, and tighter feedback loops are becoming the norm. As development accelerates, security needs to keep pace without adding friction or slowing teams down. 

Checkmarx One Assist brings security insight directly into that workflow. By operating inside the IDE, Assist helps developers understand risk as code is written, using the same policies and standards defined across the organization. There is no need to wait for pipeline feedback or switch tools to gain visibility. 

With Checkmarx One Assist running in AWS Kiro, teams can adopt new development experiences with confidence, knowing that security remains part of the process from the first line of code.