We performed a comparison between Checkmarx One and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is it is flexible."
"The UI is user-friendly."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable feature is the simple user interface."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The report function is the solution's greatest asset."
"Automatic scanning is a valuable feature and very easy to use."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The interface is easy to use."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"Simple to use, good user interface."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"Fuzzer and Java APIs help a lot with our custom needs."
"It has improved my organization with faster security tests."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"The reports are good, but they still need to be improved considering what the UI offers."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"It needs more robust reporting tools."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"Sometimes, we get some false positives."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"It doesn't run on absolutely every operating system."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Checkmarx One is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify Application Defender, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify WebInspect. See our Checkmarx One vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.