It provides a graphical view of any vulnerabilities.
Cyber-Ark Consultant at a tech services company with 51-200 employees
It is a very good product, but it needs a better understanding of file references.
What is most valuable?
How has it helped my organization?
I have used it as a consultant.
What needs improvement?
It could be improved with more reporting of false positives and the understanding of file references.
For how long have I used the solution?
I've used it for one year.
Buyer's Guide
Checkmarx One
December 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
One needs to be sure of the number of LOC that will be run and also the size of the code.
How are customer service and support?
Customer Service: 8/10.
Technical Support: 8/10.
Which solution did I use previously and why did I switch?
I have used Armorize CodeSecure.
How was the initial setup?
It's a straightforward deployment, and it learns with time.
What about the implementation team?
I implement it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Full Stack Developer at a tech services company with 51-200 employees
It helps with vulnerability scanning of codes to prevent vulnerability of our applications.
What is most valuable?
It provides us with code analysis.
How has it helped my organization?
It helps with vulnerability scanning of codes to prevent vulnerability of our applications.
For how long have I used the solution?
I've used it for one year.
What was my experience with deployment of the solution?
No issues encountered.
Which solution did I use previously and why did I switch?
Straightforward. Easy-to-follow steps.
I worked for an IT security firm and it was quite easy to set up the product for demo purposes virtually and even physically on the client premises.
How was the initial setup?
It was straightforward, as it has easy-to-follow steps.
I worked for an IT security firm and it was quite easy to set up the product for demo purposes virtually and even physically on the client premises.
What's my experience with pricing, setup cost, and licensing?
The license is fairly costly but worth the investment.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
Security at a tech services company with 51-200 employees
Gives good results, but can be more user-friendly
Pros and Cons
- "Apart from software scanning, software composition scanning is valuable."
- "Its user interface could be improved and made more friendly."
What is our primary use case?
We use it for code scanning and security testing for our in-house application development. We are using its latest version.
What is most valuable?
Apart from software scanning, software composition scanning is valuable.
What needs improvement?
Its user interface could be improved and made more friendly.
When we change a window, the session times out, and we have to log in again. It can be improved from this aspect.
For how long have I used the solution?
I have been using this solution for about one year.
What do I think about the stability of the solution?
It has been stable during our work.
What do I think about the scalability of the solution?
We don't have so many applications. So, I have no idea about its scalability. It is enough for our work at the moment, and we have not had any problem with its scalability.
In our team, we have about 10 users.
How are customer service and support?
We are just users of this solution. There is another team that interacts with them. They get technical support from the vendor on this.
Which solution did I use previously and why did I switch?
In my previous company, I used SonarQube. In my opinion, Checkmarx gives better results, and its protection is better than SonarQube.
How was the initial setup?
Another team takes care of its deployment. We are just users. We just log into the server and use it for scanning.
What other advice do I have?
It has been working well. I would rate it a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Software Engineer at a computer software company with 10,001+ employees
Simple to use interface, but it needs to have support for more languages
Pros and Cons
- "The most valuable feature is the simple user interface."
- "I would like to see the rate of false positives reduced."
What is our primary use case?
We use Checkmarx for scanning our source code.
What is most valuable?
The most valuable feature is the simple user interface.
What needs improvement?
I would like to see the rate of false positives reduced.
Checkmarx needs support for more languages, including COBOL.
What do I think about the stability of the solution?
The stability is fine.
How are customer service and technical support?
I have not been in contact with technical support.
What other advice do I have?
This is a product that I recommend and I would rate it a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Manager Business Development at a tech services company with 501-1,000 employees
It offers comprehensive and incremental scanning, and supports all major languages.
Pros and Cons
- "Fewer false positive errors as compared to any other solution."
- "Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
How has it helped my organization?
As an InfoSec consulting company, we come across major challenging projects. Checkmarx has made life easy and my team is best at using it. It reduces manual efforts in using test cases against any vulnerability found during source code reviews. Apart from OWASP Top Ten, Checkmarx is quite intelligent to find the latest vulnerability and report it.
What is most valuable?
Some valuable features of this product are:
- Very comprehensive scanning
- Fewer false positive errors as compared to any other solution
- Incremental scanning
- Supports all major languages
What needs improvement?
Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.
What do I think about the stability of the solution?
I have not encountered any stability issues.
What do I think about the scalability of the solution?
I have not encountered any scalability issues.
How are customer service and technical support?
I have never used technical support, so I can't comment. We ourselves are experts at it.
Which solution did I use previously and why did I switch?
We have used no other product.
How was the initial setup?
The setup process was simple.
What's my experience with pricing, setup cost, and licensing?
It is the right price for quality delivery.
Which other solutions did I evaluate?
We did not evaluate other options before choosing this product.
What other advice do I have?
Go for it.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're the primary resellers of the product in India and Middle East region.
Head of the Application Security Unit at a tech company with 51-200 employees
Both automatic and manual code review are possible. We can set up proper reports of code vulnerability.
Pros and Cons
- "Both automatic and manual code review (CxQL) are valuable."
- "Integration into the SDLC (i.e. support for the last version of SonarQube) could be added."
How has it helped my organization?
After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers.
Security can be part of the SDLC and reduce the cost of vulnerability remediation. Also, we got faster remediation time for high and critical vulnerabilities.
What is most valuable?
Valuable features include:
- Both automatic and manual code review (CxQL).
- The languages covered by the solution.
What needs improvement?
Integration into the SDLC (i.e. support for the last version of SonarQube) could be added.
What do I think about the stability of the solution?
We had to lock the number of CPUs used to not crash the Checkmarx Audit.
What do I think about the scalability of the solution?
We haven’t had scalability issues yet.
How are customer service and technical support?
Professional service is really good. Support is too formal. Quickly answering it is not supported instead of developing a hot fix.
Which solution did I use previously and why did I switch?
We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving the dependencies.
How was the initial setup?
Setup was straightforward, but quickly you need complex fine tuning.
What's my experience with pricing, setup cost, and licensing?
Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it must be configured to match your application.
What other advice do I have?
Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.