No more typing reviews! Try our Samantha, our new voice AI agent.
Checkmarx Software Composition Analysis Logo

Checkmarx Software Composition Analysis pros and cons

Vendor: Checkmarx
4.5 out of 5
Leave a review

Pros & Cons summary

Checkmarx Software Composition Analysis integrates seamlessly into CICD pipelines, offering fast incremental scans and excelling in identifying vulnerabilities in open-source components. It provides comprehensive security from the design phase, with scalability and AI integration. The user-friendly interface reduces the need for support. However, improvements in licensing, pricing, scanning speed, and dynamic analysis capabilities are needed, along with the ability to scan MuleSoft code and a "what if" feature for scenario analysis.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Checkmarx Software Composition Analysis easily integrates into CICB pipelines, allowing for incremental scans that save time and resources.
It effectively identifies vulnerabilities in open-source components, providing security from the design phase to production.
Checkmarx Software Composition Analysis is recognized for its stability and scalability, ensuring reliable performance.
The comprehensive security scan features of Checkmarx Software Composition Analysis unify various services, enhancing security measures.
The visual scan analysis improves vulnerability detection capabilities, offering detailed insights into library vulnerabilities and license types.

CONS

Pricing of Checkmarx Software Composition Analysis could be improved as it is considered high compared to its competitors.
Performance can be inconsistent, with scan times sometimes being excessively long.
Technical support quality has reportedly decreased over time.
API security has some shortcomings that require enhancement.
Checkmarx Software Composition Analysis lacks a "what if" feature for quickly checking the impact of changes without a full rerun.
 

Checkmarx Software Composition Analysis Pros review quotes

Tharindu Malwenna - PeerSpot reviewer
Tharindu Malwenna
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Dec 11, 2024
It has improved identification capabilities, scalability, and integration with AI, such as the AI-powered suggestions.
Read full review
DS
Dmitriy Savin
VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees
Sep 1, 2023
The customer service and support were good.
Read full review
Sujata Sujata Ghadage - PeerSpot reviewer
Sujata Sujata Ghadage
Sr Manager consultant - Digital assurance Services at adrosonic
Mar 14, 2024
It is a stable solution...It is a scalable solution.
Read full review
Buyer's Guide
Checkmarx Software Composition Analysis
May 2026
Free Report: Checkmarx Software Composition Analysis Reviews and More
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
893,164 professionals have used our research since 2012.
Harsh Soni - PeerSpot reviewer
Harsh Soni
Cyber Security Engineer at Rah Infotech Pvt Ltd
Jun 1, 2023
The integration part is easy...It's a stable solution right now.
Read full review
MH
Moti Huberman
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
Jan 16, 2024
I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues.
Read full review
reviewer1337412 - PeerSpot reviewer
reviewer1337412
Sr. Director Global Solutions Development at a energy/utilities company with 10,001+ employees
Apr 14, 2023
The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan.
Read full review
AS
Abner Santos
Senior Security Analyst (AppSec) at ELETROBRAS
Apr 1, 2024
The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability.
Read full review
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Cuneyt KALPAKOGLU Phd.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Mar 31, 2023
The product is stable and scalable.
Read full review
reviewer1915431 - PeerSpot reviewer
reviewer1915431
System Engineer at a manufacturing company with 5,001-10,000 employees
Jul 17, 2022
What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application.
Read full review
reviewer1504092 - PeerSpot reviewer
reviewer1504092
Sr. Director Global Solutions Development at a energy/utilities company with 10,001+ employees
Feb 5, 2021
One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely.
Read full review
Show 3 more reviews (out of 13)
 

Checkmarx Software Composition Analysis Cons review quotes

Tharindu Malwenna - PeerSpot reviewer
Tharindu Malwenna
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Dec 11, 2024
The solution could improve by determining the success factor of an upgrade, which is currently lacking.
Read full review
DS
Dmitriy Savin
VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees
Sep 1, 2023
I would rate the scalability a seven out of ten.
Read full review
Sujata Sujata Ghadage - PeerSpot reviewer
Sujata Sujata Ghadage
Sr Manager consultant - Digital assurance Services at adrosonic
Mar 14, 2024
Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities.
Read full review
Buyer's Guide
Checkmarx Software Composition Analysis
May 2026
Free Report: Checkmarx Software Composition Analysis Reviews and More
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
893,164 professionals have used our research since 2012.
Harsh Soni - PeerSpot reviewer
Harsh Soni
Cyber Security Engineer at Rah Infotech Pvt Ltd
Jun 1, 2023
API security is an area with shortcomings that needs improvement.
Read full review
MH
Moti Huberman
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
Jan 16, 2024
Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun.
Read full review
reviewer1337412 - PeerSpot reviewer
reviewer1337412
Sr. Director Global Solutions Development at a energy/utilities company with 10,001+ employees
Apr 14, 2023
Parts of the implementation process could improve by making it more user-friendly.
Read full review
AS
Abner Santos
Senior Security Analyst (AppSec) at ELETROBRAS
Apr 1, 2024
Checkmarx Software Composition Analysis should improve dynamic analysis.
Read full review
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Cuneyt KALPAKOGLU Phd.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Mar 31, 2023
The quality of technical support has decreased over time, and it is not as good as it used to be.
Read full review
reviewer1915431 - PeerSpot reviewer
reviewer1915431
System Engineer at a manufacturing company with 5,001-10,000 employees
Jul 17, 2022
In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours.
Read full review
reviewer1504092 - PeerSpot reviewer
reviewer1504092
Sr. Director Global Solutions Development at a energy/utilities company with 10,001+ employees
Feb 5, 2021
Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx.
Read full review
Show 3 more reviews (out of 13)

Product Categories

Product Categories
Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons
Snyk vs Checkmarx Software Composition Analysis Logo
Snyk vs Checkmarx Software Composition Analysis
GitLab vs Checkmarx Software Composition Analysis Logo
GitLab vs Checkmarx Software Composition Analysis
Veracode vs Checkmarx Software Composition Analysis Logo
Veracode vs Checkmarx Software Composition Analysis
JFrog Xray vs Checkmarx Software Composition Analysis Logo
JFrog Xray vs Checkmarx Software Composition Analysis
Black Duck SCA vs Checkmarx Software Composition Analysis Logo
Black Duck SCA vs Checkmarx Software Composition Analysis
Mend.io vs Checkmarx Software Composition Analysis Logo
Mend.io vs Checkmarx Software Composition Analysis
Sonatype Lifecycle vs Checkmarx Software Composition Analysis Logo
Sonatype Lifecycle vs Checkmarx Software Composition Analysis
Semgrep vs Checkmarx Software Composition Analysis Logo
Semgrep vs Checkmarx Software Composition Analysis
Invicti vs Checkmarx Software Composition Analysis Logo
Invicti vs Checkmarx Software Composition Analysis
Polaris Platform vs Checkmarx Software Composition Analysis Logo
Polaris Platform vs Checkmarx Software Composition Analysis
FOSSA vs Checkmarx Software Composition Analysis Logo
FOSSA vs Checkmarx Software Composition Analysis
CAST Highlight vs Checkmarx Software Composition Analysis Logo
CAST Highlight vs Checkmarx Software Composition Analysis
Kodem's Dynamic SCA vs Checkmarx Software Composition Analysis Logo
Kodem's Dynamic SCA vs Checkmarx Software Composition Analysis
CAST SBOM Manager vs Checkmarx Software Composition Analysis Logo
CAST SBOM Manager vs Checkmarx Software Composition Analysis
See all alternatives

Product Categories

Product Categories
Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons
Snyk vs Checkmarx Software Composition Analysis Logo
Snyk vs Checkmarx Software Composition Analysis
GitLab vs Checkmarx Software Composition Analysis Logo
GitLab vs Checkmarx Software Composition Analysis
Veracode vs Checkmarx Software Composition Analysis Logo
Veracode vs Checkmarx Software Composition Analysis
JFrog Xray vs Checkmarx Software Composition Analysis Logo
JFrog Xray vs Checkmarx Software Composition Analysis
Black Duck SCA vs Checkmarx Software Composition Analysis Logo
Black Duck SCA vs Checkmarx Software Composition Analysis
Mend.io vs Checkmarx Software Composition Analysis Logo
Mend.io vs Checkmarx Software Composition Analysis
Sonatype Lifecycle vs Checkmarx Software Composition Analysis Logo
Sonatype Lifecycle vs Checkmarx Software Composition Analysis
Semgrep vs Checkmarx Software Composition Analysis Logo
Semgrep vs Checkmarx Software Composition Analysis
Invicti vs Checkmarx Software Composition Analysis Logo
Invicti vs Checkmarx Software Composition Analysis
Polaris Platform vs Checkmarx Software Composition Analysis Logo
Polaris Platform vs Checkmarx Software Composition Analysis
FOSSA vs Checkmarx Software Composition Analysis Logo
FOSSA vs Checkmarx Software Composition Analysis
CAST Highlight vs Checkmarx Software Composition Analysis Logo
CAST Highlight vs Checkmarx Software Composition Analysis
Kodem's Dynamic SCA vs Checkmarx Software Composition Analysis Logo
Kodem's Dynamic SCA vs Checkmarx Software Composition Analysis
CAST SBOM Manager vs Checkmarx Software Composition Analysis Logo
CAST SBOM Manager vs Checkmarx Software Composition Analysis
See all alternatives
Related questions
  • 66
What tools do you rely on for building a DevSecOps pipeline?
  • 74
What alternatives are there for Fortify WebInspect and Fortify SCA?
  • 48
What is the best way to track open-source license compatibility?
  • 86
How long does SCA scanning take?
  • 282
Why is Software Composition Analysis (SCA) important for companies?
  • 66
Differences between Black Duck & Veracode
  • 67
What SCA solution do you recommend?
  • 70
Is there an SCA solution that finds and fixes vulnerabilities?
  • 84
Can I get SCA in my IDE?
  • 74
When evaluating Software Composition Analysis, what aspect do you think is the most important to look for?