Checkmarx One Reviews

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation which makes the application secure including information issues which might get neglected with a manual code review process.

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It therefore makes it easier to identify these as well as fix them.

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These descriptions are just a click away. Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.

We have not yet encountered any stability issues.

The solution provides high scalability. I am not sure about the limit of scans but it is sufficiently high. However, the issues which we faced were related to database backup. Unfortunately, Checkmarx doesn't do any automated backups which is quite inconvenient.

I would rate the technical support as average. We never had to communicate much with the technical team but based on my knowledge the response from their end was delayed.

I am not aware of any previous solutions.

The setup was straightforward.

It is a good product but a little overpriced.

I don't have much idea about other options since the organization had already purchased the product before I joined.

Better to look out for other products available in the market as well.

They're all as valuable as each other.

We have used this product to verify the dev department's code in order to minimize security holes.

It needs better role management.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

It's very good.

It's very good.

This is the only solution I have used.

Very straightforward.

I implemented it myself.

Licensing is expensive per X amount of lines in the code.

No other options were evaluated.

We onboard clients with the solution. We install the product and do the first scan with them. We help developers with security and the best practices with their applications with this solution.

The most valued feature comes within the platform called Codebashing, it allows scanning code for security flaws. Our clients are able to learn from these scans and develop more secure code. The solution is easy to configure and user friendly as well. They also have support for a large variety of languages compared to other solutions and the product updates continuously.

I would like to see the DAST solution in the future. 

We have been using the solution for one year.

We had no issues and it has always worked at a top level of performance.

The solution is easy to intergate. It is plug and play and intergrates well with the pipeline and DevSecOps. Our main client is a big company and the solution works well.

The support is excellent.

The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.

The product saves you money by minimizing the time needed to figure out how to mitigate the problems by using such features such as The Best Fixed Location and the flow charts.

We evaluated Veracode before choosing Checkmarx.

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. 

I rate Checkmarx a ten out of ten.

Checkmarx is used for application security, we can detect the stability and other details on how to fix issues.

The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results.

Checkmarx could improve the speed of the scans.

I have been using Checkmarx for approximately half a year.

We have five people in our company that uses Checkmarx, we do not plan to increase usage.

I have used the support from Checkmarx.

I have not used another before Checkmarx.

The initial setup of Checkmarx was very easy. The process took approximately one hour. We only need to provide information.

We have five people that are supporting Checkmarx in our company.

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us.

I rate Checkmarx an eight out of ten.

Our primary use case solution is for code scanning.

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

The most valuable features are:

• Ease of use
• Dashboard
• Interface
• Report

I have not had an issue with stability of the product.

There have been no issues with scalability that I am aware of.

I have not needed the use of technical support.

Previously, we considered: Veracode, SonarQube, Fortify and IBM Security AppScan.

I was not involved in the initial setup of the solution.

One should consider:

• Visual studio
• Report generation
• If the solution can be on-prem
• Pricing

It is an expensive solution.

Be cautious of the one-year subscription date. Once it expires, your price will go up.

During the trial period, we tried to build automated security development lifecycles with this product and with other products. We have achieved partial success with this.

The solution allows us to create custom rules for code checks. Without custom rules, the system couldn’t find anything serious in the custom code and libraries.

The main issue was the supported Windows OS for the installation. Windows is not appropriate for a big internet company’s infrastructure. Supporting a Windows machine, especially for this software, is inconvenient.

This product requires you to create your own rulesets. You have to do a lot of customization. The default rules do not work very well. In addition, it is impossible to analyze code with dynamic dependencies.

There were no problems with stability. The application was stable in our test cases.

There were no scalability issues, but keep in mind that our version can only scale on one server.

There is very good technical support. We have the support of two onsite engineers.

We are using other tools along with this solution.

The setup was simple. It mostly involved clicking the “Next” button in the Windows installer.

The pricing was not very good. This is just a framework which shouldn’t cost so much.

The product comes with very strange licensing options. They don’t let you exclude workplace licenses, which are useless for building automated systems.

Checkmarx is used only for static application security testing (SAST), and it can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.

I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features. So most of my customers would love to have consolidated vendors who cover all application security to lower operational overhead.

I'm a solution architect, not an end-user. I'm selling Checkmarx. This is the first year I've done business with Checkmarx. In the past five years, I worked a lot with Fortify and Micro Focus. I currently have two customers running Checkmarx, and one more is evaluating the product.

Setting up Checkmarx should be relatively straightforward. It takes a little more time for the DevOps team to enable everything, but overall deployment should take less than a week, including preparation and implementation. 

Most of my customers opted for a perpetual license. They prefer to pay the highest amount upfront for the perpetual license and then pay for additional support annually.

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.

The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.

They can support the remaining languages that are currently not supported. They can also
create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.

It is stable, and it works.

It is scalable. Our clients are small, medium, and big enterprises. It is for all the categories.

Their support is good. I had discussions with them multiple times. We are getting proper support.

It is straightforward. It is not a big challenge. It doesn't take long.

I would rate Checkmarx a seven out of ten.