Checkmarx One vs Contrast Security Assess comparison

Checkmarx One

Read 67 Checkmarx One reviews

31,565 Views
20,243 Comparison Views

86% willing to recommend

Contrast Security Assess

Read 11 Contrast Security Assess reviews

1,292 Views
790 Comparison Views

100% willing to recommend

Checkmarx One

Contrast Security Assess

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Contrast Security Assess based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Contrast Security Assess Report (Updated: May 2024).

Buyer's Guide

Checkmarx One vs. Contrast Security Assess

May 2024

Download the complete report

Helped 787,061 peers since 2012

Categories and Ranking

Checkmarx One

Ranking in Application Security Tools

3rd

Ranking in Static Application Security Testing (SAST)

3rd

Average Rating

7.6

Number of Reviews

Ranking in other categories

Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

Contrast Security Assess

Ranking in Application Security Tools

32nd

Ranking in Static Application Security Testing (SAST)

23rd

Average Rating

8.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Market share comparison

As of June 2024, in the Static Application Security Testing (SAST) category, the market share of Checkmarx One is 10.2% and it decreased by 20.5% compared to the previous year. The market share of Contrast Security Assess is 0.5% and it increased by 35.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Unique Categories:

Application Security Tools

13.2%

Vulnerability Management

1.3%

Featured Reviews

Naveen Hariharan Vijaya

Security Consultant at IBM Thailand

Feb 9, 2024

A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly

It is very easy for the analyst to have everything in a consolidated single pane of glass. Previously, they ran multiple tools. They used one tool for source code analysis and another for static code review. Then, I manually verified each result. Since we moved to Checkmarx, it has been very easy for the analyst. The tool gives us a shareable report that can be easily shared with management once the product is done. The solution’s performance and the consolidated information it provides are valuable. The platform is completely on the cloud. There are no scalability or connectivity issues. The platform is stable. It can be accessed from anywhere. We used open-source tools before. We had to deploy the tools in the customers' environment to establish the connection between the tools and their product application. Since Checkmarx is a SaaS-based platform, we need only the forward connection from Checkmarx to the tool. The tool handles everything else. We just need a single firewall rule to be enabled on the platform to establish the connection. The deployment is very simple. We need just one rule to forward the web application to Checkmarx. The scanning engine is very good. Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%. The tool has greatly reduced the time and effort our analysts need to do their tasks. It's very useful if we need to perform a short-term project. It is greatly helpful in fixing loopholes and vulnerabilities swiftly.

Read full review

AggelosKaronis

Senior Manager of Information Security at Kaizen Gaming

May 2, 2023

A cost-effective solution that is easy to implement and detects vulnerabilities within minutes of launch

We use the tool to evaluate our customer-facing apps. We analyze the request, identify the weak parts of the code, and remediate them. The product has helped us identify vulnerabilities. I am impressed with the product's identification of alerts and vulnerabilities. The product's retesting…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Helps us check vulnerabilities in our SAP Fiori application."

"The value you can get out of the speedy production may be worth the price tag."

"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."

"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."

"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."

"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."

"We use the solution to validate the source code and do SAST and security analysis."

"The administration in Checkmarx is very good."

More Checkmarx One pros

"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."

"I am impressed with the product's identification of alerts and vulnerabilities."

"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."

"When we access the application, it continuously monitors and detects vulnerabilities."

"We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used."

"No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime."

"The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of."

"Assess has an excellent API interface to pull APIs."

More Contrast Security Assess pros

Cons

"The solution sometimes reports a false auditable code or false positive."

"They could work to improve the user interface. Right now, it really is lacking."

"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."

"The validation process needs to be sped up."

"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."

"The reports are good, but they still need to be improved considering what the UI offers."

"The solution's user interface could be improved because it seems outdated."

"It would be really helpful if the level of confidence was included, with respect to identified issues."

More Checkmarx One cons

"The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."

"I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."

"I would like to see them come up with more scanning rules."

"The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities."

"The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different."

"The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."

"Contrast's ability to support upgrades on the actual agents that get deployed is limited. Our environment is pretty much entirely Java. There are no updates associated with that. You have to actually download a new version of the .jar file and push that out to your servers where your app is hosted. That can be quite cumbersome from a change-management perspective."

"Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage."

More Contrast Security Assess cons

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"It's relatively expensive."

"We have purchased an annual license to use this solution. The price is reasonable."

"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"The solution's price is high and you pay based on the number of users."

More Checkmarx One pricing and cost advice

"For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something that is extremely fair, because it doesn't take into consideration the number of requests, etc. It is only priced based on the number of onboarded applications. It suits our model as well, because we have huge traffic. Our number of applications is not that large, so the pricing works great for us."

"It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

"You only get one license for an application. Ours are very big, monolithic applications with millions of lines of code. We were able to apply one license to one monolithic application, which is great. We are happy with the licensing. Pricing-wise, they are industry-standard, which is fine."

"The solution is expensive."

"The good news is that the agent itself comes in two different forms: the unlicensed form and the licensed form. Unlicensed gives use of that software composition analysis for free. Thereafter, if you apply a license to that same agent, that's when the instrumentation takes hold. So one of my suggestions is to do what we're doing: Deploy the agent to as many applications as possible, with just the SCA feature turned on with no license applied, and then you can be more choosy and pick which teams will get the license applied."

"The product's pricing is low. I would rate it a two out of ten."

"I like the per-application licensing model... We just license the app and we look at different vulnerabilities on that app and we remediate within the app. It's simpler."

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

787,061 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

15%

Manufacturing Company

Insurance Company

Financial Services Firm

17%

Computer Software Company

12%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The solution's price is high and you pay based on the number of users.

See all answers

What do you like most about Contrast Security Assess?

When we access the application, it continuously monitors and detects vulnerabilities.

See all answers

What is your experience regarding pricing and costs for Contrast Security Assess?

The product's pricing is low. I would rate it a two out of ten.

See all answers

What needs improvement with Contrast Security Assess?

Technical support for the solution should be faster. We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to ...

See all answers

Comparisons

SonarQube vs Checkmarx One

Compared 52% of the time

Veracode vs Checkmarx One

Compared 13% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Snyk vs Checkmarx One

Compared 4% of the time

Coverity vs Checkmarx One

Compared 3% of the time

More Checkmarx One Competitors

Veracode vs Contrast Security Assess

Compared 18% of the time

Seeker vs Contrast Security Assess

Compared 17% of the time

Fortify WebInspect vs Contrast Security Assess

Compared 11% of the time

HCL AppScan vs Contrast Security Assess

Compared 10% of the time

SonarQube vs Contrast Security Assess

Compared 8% of the time

More Contrast Security Assess Competitors

Product Reports

Buyer's Guide

Checkmarx One

June 2024

Download Checkmarx One product report

Buyer's Guide

Contrast Security Assess

June 2024

Download Contrast Security Assess product report

Also Known As

No data available

Contrast Assess

Learn More

Checkmarx

Contrast Security

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.

Buyer's Guide

Checkmarx One vs. Contrast Security Assess

May 2024

Free Report: Checkmarx One vs. Contrast Security Assess

Find out what your peers are saying about Checkmarx One vs. Contrast Security Assess and other solutions. Updated: May 2024.

DOWNLOAD NOW

787,061 professionals have used our research since 2012.

See our Checkmarx One vs. Contrast Security Assess report.

See our list of best Static Application Security Testing (SAST) vendors and best Application Security Tools vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.