Checkmarx One Reviews

Name: Checkmarx One
Brand: Checkmarx
Rating: 4 (70 reviews)

Vendor: Checkmarx

3.8 out of 5

70 reviews
86% willing to recommend

4,276 followers

Post review

What is Checkmarx One?

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Get the Checkmarx One Buyer's Guide and find out what your peers are saying about Checkmarx One, SonarQube Server (formerly SonarQube), Veracode and more!

Checkmarx One is the #2 ranked solution in top Static Code Analysis solutions, #2 ranked solution in API Security Solutions, #2 ranked solution in top DevSecOps solutions, #3 ranked solution in application security solutions, #3 ranked solution in AST tools, #5 ranked solution in top Risk-Based Vulnerability Management solutions, and #16 ranked solution in top Vulnerability Management solutions. PeerSpot users give Checkmarx One an average rating of 7.6 out of 10. Based on the analysis of the 70 most recent Checkmarx One reviews, the overall sentiment is positive, with a sentiment score of 7.9. (Among the highest in the category). Checkmarx One is most commonly compared to SonarQube Server (formerly SonarQube): Checkmarx One vs SonarQube Server (formerly SonarQube). Checkmarx One is popular among the large enterprise segment, accounting for 71% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 21% of all views.

Helped 814,572 peers since 2012

Featured reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven.

We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…

Read full review

ScottDenton

Senior regional manager at AppDome

The interactive application security testing, or IAST, where code scans are being ran on an application that lives in a runtime environment on a server or virtual machine, needs improvement. There was limited support from different languages. It didn't support everything under the sun, so you would lose revenue since you didn't have support for Scala or some other language that your developer was fluent in. They needed to improve on language support. That is about it, really. The dev team did everything that they said they were going to do. If they said they were going to hit a mark, they'd hit a mark. That release would come out. Typically, they would do four major releases a year, quarterly, with two-point releases in between, or based on any additional hotfixes that may be needed. In most cases, however, IAST was the part of the product that needed to be improved the most. Codebashing is a really cool product from the aspect of teaching developers how to write secure code. However, it would be even cooler if you could not only point out and teach someone how to do it while also making the appropriate recommendation on how to rewrite the code itself, using machine learning or AI. Instead of you, the developer learning how to do it and then writing the code yourself, it'd be cooler if you could push a button, have it analyzed, scans the code, find the code, find the issue within the line of code, and then go ahead and automatically rewrite that code for you. Then, by repetition, it just teaches you through muscle memory how to do that as opposed to, "Hey, you've found this problem. This is where the problem's located, within this particular line of code." Right now, do you know how to rewrite Java? Well, if you're not familiar with how to do that, then go push on this button. Now, take this test and go through this exercise.” It doesn't make a recommendation. It's not like providing a script that fixes the problem. It's just teaching you on how to write the code in that form in that manner.

Read full review

Souhardyya Biswas

Software Engineer at a manufacturing company with 10,001+ employees

A non-developer may struggle with the solution. Codebashing is the learning platform that comes bundled with Checkmarx. The thing with Codebashing is that they give you tips on how to write secure code. However, I saw other developers complain about this. Instead of telling you what the good practices are, it would be more helpful, when we are writing the code, alongside that code, to have Codebashing tell us where exactly we are going wrong and how to help secure code and if there are specific scenarios we should be considering. Basically, the integration needs to be better. There's a general lack of space. Checkmarx has a slightly difficult compilation with the CI/CD pipeline. If it could be easily integrated into the CI/CD pipeline, then it would be much easier for developers rather than being an extra step that developers have to take to make the code secure.

Read full review

Checkmarx One mindshare

Product category:

As of November 2024, the mindshare of Checkmarx One in the Application Security Tools category stands at 12.9%, down from 15.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Last updated Oct 10, 2024

Valuable Features

Checkmarx One is valued for its user-friendly interface, efficient vulnerability pinpointing without the need for compilation, comprehensive scanning across languages, and integration with key platforms like Git and Jira. It excels in providing clear, actionable remediation guidance and reduces false positives. Its features like Best Fix Location, Jenkins Plugin, and incremental scanning enhance security across the SDLC. Users appreciate its ease of setup, rapid scanning, and centralized reporting functionality.

"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."

Room for Improvement

Checkmarx One needs improvements in several areas. False positives reduction and reporting enhancements are required. Support for more languages, better integration with development environments, and improvements in dynamic testing are essential. Licensing and pricing flexibility are necessary. User interface upgrades and more training resources are needed. Role management and dashboard customization should be improved. Checkmarx One should expand application language support and integration with cloud platforms, addressing high hardware requirements and cumbersome installation processes.

"The Dynamic Application Security Testing (DAST) feature should be better."
"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."
"I can't create a business case with multiple-factor authentication."

ROI

Checkmarx One enhances development speed by identifying and addressing issues during progress, saving troubleshooting costs. Users report that it expedites moving applications to production by reducing security check times. Its cost-effectiveness helps minimize the expenses related to potential breaches and vulnerabilities. Some users quantify returns in security aspects like PCI, while others note the inability to specify exact numbers. Faith in Checkmarx One's capabilities leads to multi-year commitments despite some not yet experiencing returns.

Pricing

Pricing for Checkmarx One is generally considered high, often cited as more expensive compared to competitors. Licensing is complex, with costs influenced by user number, language coverage, and additional modules. Although seen as a worthwhile investment due to the strong application security features it offers, flexibility in licensing could be improved. Negotiations may lead to favorable terms, reducing costs. Annual expenses range from $75,000 to $150,000, potentially reaching $500,000 for large enterprises.

"For around 250 users or committers, the cost is approximately $500,000."
"The tool's pricing is fine."
"The solution's price is high and you pay based on the number of users."

Popular Use Cases

Organizations primarily utilize Checkmarx One for static application security testing, evaluating vulnerabilities in source code. It integrates with development workflows to identify code flaws during application development phases, allowing teams to detect and address potential security vulnerabilities early. By scanning source code, it helps meet compliance requirements, enhance code quality, and enable secure coding practices. Often deployed in cloud or on-premises environments, it works well with various SCM solutions like Git and CI/CD tools.

Service and Support

Checkmarx One's customer service and support receive praise for quick responses and knowledgeable teams. The technical support is responsive and skilled, often resolving issues swiftly. Some note delayed responses, but most appreciate the expertise provided. Adequate coverage is offered through increased team sizes in regions like India. The support structure includes customer success managers, ensuring dedicated attention to client needs. Improvements in SLA and 24/7 availability further enhance user satisfaction.

Deployment

The initial setup of Checkmarx One is generally easy and straightforward. Many users find it user-friendly with clear documentation. Some mention it taking from 15 minutes to a few hours. A few find it complex due to specific configurations or large deployments, requiring technical expertise. For cloud versions, setup is simpler. Technical support is often needed for advanced setups. Instances exist where the deployment took longer due to environment-specific challenges.

Scalability

Checkmarx One's scalability is highly praised, with users finding it easy to scale with minimal issues. It efficiently handles multiple instances and user expansion. While some mention it requires substantial memory and license management for scaling, others highlight its capability to handle large codebases and concurrent scans. Users appreciate its cloud-based flexibility, though a few note that license limitations can affect scaling at an enterprise level. Ratings often fall between six and ten for scalability.

Stability

Checkmarx One is generally perceived as stable, though there are mixed opinions. Many find it reliable with no major issues, while some face stability challenges when scanning large files due to memory consumption. Occasional crashes and performance slowdowns during incremental scans are reported. Ratings for stability range between 6 to 10 out of 10. It requires proper configuration to avoid misperceptions of instability, and some stability concerns arise with handling extensive code bases.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Checkmarx One Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

15%

Manufacturing Company

10%

Government

Insurance Company

Healthcare Company

Energy/Utilities Company

Retailer

Educational Organization

Media Company

Logistics Company

University

Comms Service Provider

Construction Company

Non Profit

Real Estate/Law Firm

Transportation Company

Legal Firm

Outsourcing Company

Hospitality Company

Wholesaler/Distributor

Pharma/Biotech Company

Engineering Company

Recreational Facilities/Services Company

Consumer Goods Company

Performing Arts

Compare Checkmarx One with alternative products

Learn more about Checkmarx One

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.