Checkmarx One Reviews

We use Checkmarx for scanning our source code.

The most valuable feature is the simple user interface.

I would like to see the rate of false positives reduced.

Checkmarx needs support for more languages, including COBOL.

The stability is fine.

I have not been in contact with technical support.

This is a product that I recommend and I would rate it a seven out of ten.

We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.

The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.

They can support the remaining languages that are currently not supported. They can also
create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.

It is stable, and it works.

It is scalable. Our clients are small, medium, and big enterprises. It is for all the categories.

Their support is good. I had discussions with them multiple times. We are getting proper support.

It is straightforward. It is not a big challenge. It doesn't take long.

I would rate Checkmarx a seven out of ten.

We use it for code scanning and security testing for our in-house application development. We are using its latest version.

Apart from software scanning, software composition scanning is valuable.

Its user interface could be improved and made more friendly. 

When we change a window, the session times out, and we have to log in again. It can be improved from this aspect.

I have been using this solution for about one year.

It has been stable during our work.

We don't have so many applications. So, I have no idea about its scalability. It is enough for our work at the moment, and we have not had any problem with its scalability.

In our team, we have about 10 users.

We are just users of this solution. There is another team that interacts with them. They get technical support from the vendor on this. 

In my previous company, I used SonarQube. In my opinion, Checkmarx gives better results, and its protection is better than SonarQube.

Another team takes care of its deployment. We are just users. We just log into the server and use it for scanning.

It has been working well. I would rate it a seven out of 10.

It provides us with code analysis.

It helps with vulnerability scanning of codes to prevent vulnerability of our applications.

I've used it for one year.

No issues encountered.

Straight forward. Easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises

It was straightforward, as it has easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises.

The license is fairly costly but worth the investment.

As an InfoSec consulting company, we come across major challenging projects. Checkmarx has made life easy and my team is best at using it. It reduces manual efforts in using test cases against any vulnerability found during source code reviews. Apart from OWASP Top Ten, Checkmarx is quite intelligent to find the latest vulnerability and report it.

Some valuable features of this product are:

• Very comprehensive scanning
• Less false positive errors as compared to any other solution
• Incremental scanning
• Supports all major languages

Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.

I have not encountered any stability issues.

I have not encountered any scalability issues.

I have never used technical support, so can't comment. We ourselves are expert at it.

We have used no other product.

The setup process was simple.

It is the right price for quality delivery.

We did not evaluate other options, before choosing this product.

Go for it.

After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers.

Security can be part of the SDLC and reduce the cost of vulnerability remediation. Also, we got faster remediation time for high and critical vulnerability.

Valuable features include:

• Both automatic and manual code review (CxQL).
• The languages covered by the solution.

Integration into the SDLC (i.e. support for last version of SonarQube) could be added.

We had to lock the number of CPUs used to not crash the Checkmarx Audit.

We haven’t had scalability issues yet.

Professional service is really good. Support is too formal. Quickly answering it is not supported instead of developing a hot fix.

We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving the dependencies.

Setup was straightforward, but quickly you need complex fine tuning.

Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it must be configured to match your application.

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.