Checkmarx Software Composition Analysis Reviews

The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities.

Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.

The most valuable feature is that it can ensure the security of the software when downloading open-source components from the internet. It is the first and foremost benefit. Secondly, even though these components may be shared or free, there can still be license issues, and young developers may not pay attention to this aspect, which can be very dangerous and lead to serious penalties in the future.

In terms of time and quality of support, Checkmarx SCA needs improvement. The quality of support people needs improvement.

We have been using it since the first day it was released. We always use the latest version.

The software is very stable and works very well.

It is a very scalable product.

This is the most critical point for me. Their support was much better in the past, like last year or two years ago. As compared to the previous timeline, I feel that their support should be much better.

The initial setup is very easy.

From my point of view, according to the value they generate for the customers, it is not expensive. But as compared to competitive products in the market, it is gradually becoming more expensive. It's like choosing between a BMW and a cheaper car.

So, it's worth the money someone spends to use this product.

It's one of the best in the market, honestly.

Overall, I would rate the product a nine out of ten. And I didn't score it ten because of the weakness in the support. I know from the past that the support used to be better because I had been working with Checkmarx for over ten years.

Checkmarx Software Composition Analysis is used for detecting vulnerabilities in the open source software component of a project.

What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application.

In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal.

The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours.

I've been working with Checkmarx Software Composition Analysis since August, last year.

In terms of the stability of Checkmarx Software Composition Analysis, I've experienced a performance bottleneck, for example, it's been slow. My company has two clouds in Europe and the United States, and when I use the cloud that's based in Europe, sometimes its performance isn't good. When I perform a scan, it takes a long time. It particularly takes several hours for the scan to be completed.

At the moment, customers can use Checkmarx Software Composition Analysis for unlimited projects, so in terms of internal capacity and scalability, those areas are good.

Checkmarx Software Composition Analysis has very good technical support.

The initial setup for Checkmarx Software Composition Analysis was straightforward. On a scale of one to five, I'm rating the setup a five.

Pricing for Checkmarx Software Composition Analysis needs to be competitive.

My company is a Checkmarx Software Composition Analysis partner.

The solution is cloud-based, so it doesn't have a specific version. When Checkmarx markets a product, the product version isn't mentioned.

Checkmarx Software Composition Analysis is SaaS, so the customer just gets the account then he can log onto the platform and use it online.

My advice to anyone looking into implementing the solution is that you need to know about open-source security, particularly open-source software fundamentals. It's knowing not just open-source vulnerabilities which Checkmarx Software Composition Analysis scans, but legal information as well. The solution doesn't just detect vulnerabilities. It also detects legal risks, for example, if you're using a copyrighted open-source license or a permissive license, etc.

I'm rating Checkmarx Software Composition Analysis ten out of ten.

My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because It checks the integrity of the library and not just the hash, checksum, or version.

Checkmarx unifies all the features in its service.

I have received complaints from my customers that the pricing could be improved.

It's been two years since I started getting familiar with the solution.

I rate the solution's stability an eight out of ten.

I rate the solution's scalability a ten out of ten. Software Composition is just the version, the hash, so it consumes less data and can be scaled easily.

Checkmarx's technical support is helpful.

Positive

I've used AppDome. Checkmarx protects our apps from the inside, but AppDome protects our apps from the outside. AppCode provides a different aspect of security from Checkmarx by healing apps since Checkmarx doesn't scan for vulnerabilities in code.

I recommend Checkmarx Software Composition Analysis and rate it a ten out of ten.

We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.

What I found most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in components, especially if some critical issues exist.

An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast. I see that open-source and third party solutions have a lot of vulnerabilities discovered day by day, so it's important for the end users to get updates instantly, so we can identify those vulnerabilities as soon as possible.

What I'd like to see in the next release of Checkmarx Software Composition Analysis is the improvement of its UI. For example, reconciling the live code in a more convenient way.

Improving Checkmarx Software Composition Analysis to make it more convenient for end users to work, plus verifying and analyzing reports from it, is another thing I'd like to see in the next release.

Checkmarx Software Composition Analysis is a stable solution. Even during upgrades, user experience is stable, and I don't have any major issues with the solution.

Usage of Checkmarx Software Composition Analysis in our company is not too high, so I'm not really sure how scalable it is. We currently have 20 users of the solution.

We don't directly work with the technical support team of Checkmarx Software Composition Analysis, because we have a team who handles the support for the solution, so we contact that team whenever we have issues, instead of contacting the vendor directly.

I have no idea how easy or complex the initial setup for the solution is, because the deployment phase for Checkmarx Software Composition Analysis in my company is through the portal.

I'm working with Checkmarx Software Composition Analysis. I started in this field of work in 2020. This is when I started using SonarQube in my previous company.

Checkmarx Software Composition Analysis can be deployed both on cloud and on-premises, but ours is deployed on-premises.

My advice to people who want to implement Checkmarx Software Composition Analysis is to use it, especially if their software development framework relies on open-source plugins or public open-source solutions. They would need a software composition analysis solution to scan for vulnerabilities in components, because a lot of issues and critical vulnerabilities come from public open-source framework, so my suggestion is for them to use Checkmarx Software Composition Analysis.

My rating for Checkmarx Software Composition Analysis is eight out of ten.

We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.

It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own.

It can have better licensing models.

We have been working with Checkmarx for more than six years.

It is stable. I have never faced any issues.

It is scalable.

It doesn't need any technical support, but when you open a ticket, you get a response on the same day. Sometimes, you get a response in an hour or two hours. They are a very dedicated organization.

The initial setup is straightforward and very user friendly. It is a cloud product, so you don't need to install it. It is plug and play.

I would recommend this solution. Checkmarx Software Composition Analysis is one of the most important products in the IT security market. According to the Gartner report, Checkmarx has been a leading company for the last three years. 

I would rate Checkmarx Software Composition Analysis a nine out of ten.