My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because It checks the integrity of the library and not just the hash, checksum, or version.
System Engineer at a manufacturing company with 5,001-10,000 employees
A stable and scalable solution that helped ensure the integrity of our libraries
Pros and Cons
- "Checkmarx unifies all the features in its service."
- "I have received complaints from my customers that the pricing could be improved."
What is our primary use case?
What is most valuable?
Checkmarx unifies all the features in its service.
What needs improvement?
I have received complaints from my customers that the pricing could be improved.
For how long have I used the solution?
It's been two years since I started getting familiar with the solution.
Buyer's Guide
Checkmarx Software Composition Analysis
November 2024
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate the solution's stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the solution's scalability a ten out of ten. Software Composition is just the version, the hash, so it consumes less data and can be scaled easily.
How are customer service and support?
Checkmarx's technical support is helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've used AppDome. Checkmarx protects our apps from the inside, but AppDome protects our apps from the outside. AppCode provides a different aspect of security from Checkmarx by healing apps since Checkmarx doesn't scan for vulnerabilities in code.
What other advice do I have?
I recommend Checkmarx Software Composition Analysis and rate it a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
System Engineer at a manufacturing company with 5,001-10,000 employees
Has a straightforward setup, identifies vulnerabilities, and offers good technical support
Pros and Cons
- "What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
- "In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
What is our primary use case?
Checkmarx Software Composition Analysis is used for detecting vulnerabilities in the open source software component of a project.
What is most valuable?
What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application.
What needs improvement?
In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal.
The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours.
For how long have I used the solution?
I've been working with Checkmarx Software Composition Analysis since August, last year.
What do I think about the stability of the solution?
In terms of the stability of Checkmarx Software Composition Analysis, I've experienced a performance bottleneck, for example, it's been slow. My company has two clouds in Europe and the United States, and when I use the cloud that's based in Europe, sometimes its performance isn't good. When I perform a scan, it takes a long time. It particularly takes several hours for the scan to be completed.
What do I think about the scalability of the solution?
At the moment, customers can use Checkmarx Software Composition Analysis for unlimited projects, so in terms of internal capacity and scalability, those areas are good.
How are customer service and support?
Checkmarx Software Composition Analysis has very good technical support.
How was the initial setup?
The initial setup for Checkmarx Software Composition Analysis was straightforward. On a scale of one to five, I'm rating the setup a five.
What's my experience with pricing, setup cost, and licensing?
Pricing for Checkmarx Software Composition Analysis needs to be competitive.
What other advice do I have?
My company is a Checkmarx Software Composition Analysis partner.
The solution is cloud-based, so it doesn't have a specific version. When Checkmarx markets a product, the product version isn't mentioned.
Checkmarx Software Composition Analysis is SaaS, so the customer just gets the account then he can log onto the platform and use it online.
My advice to anyone looking into implementing the solution is that you need to know about open-source security, particularly open-source software fundamentals. It's knowing not just open-source vulnerabilities which Checkmarx Software Composition Analysis scans, but legal information as well. The solution doesn't just detect vulnerabilities. It also detects legal risks, for example, if you're using a copyrighted open-source license or a permissive license, etc.
I'm rating Checkmarx Software Composition Analysis ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Checkmarx Software Composition Analysis
November 2024
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Frontend Developer at a tech services company with 51-200 employees
Stable tool that identifies open-source vulnerabilities and critical issues
Pros and Cons
- "What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
- "Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
What is our primary use case?
We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.
What is most valuable?
What I found most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in components, especially if some critical issues exist.
What needs improvement?
An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast. I see that open-source and third party solutions have a lot of vulnerabilities discovered day by day, so it's important for the end users to get updates instantly, so we can identify those vulnerabilities as soon as possible.
What I'd like to see in the next release of Checkmarx Software Composition Analysis is the improvement of its UI. For example, reconciling the live code in a more convenient way.
Improving Checkmarx Software Composition Analysis to make it more convenient for end users to work, plus verifying and analyzing reports from it, is another thing I'd like to see in the next release.
What do I think about the stability of the solution?
Checkmarx Software Composition Analysis is a stable solution. Even during upgrades, user experience is stable, and I don't have any major issues with the solution.
What do I think about the scalability of the solution?
Usage of Checkmarx Software Composition Analysis in our company is not too high, so I'm not really sure how scalable it is. We currently have 20 users of the solution.
How are customer service and support?
We don't directly work with the technical support team of Checkmarx Software Composition Analysis, because we have a team who handles the support for the solution, so we contact that team whenever we have issues, instead of contacting the vendor directly.
How was the initial setup?
I have no idea how easy or complex the initial setup for the solution is, because the deployment phase for Checkmarx Software Composition Analysis in my company is through the portal.
What other advice do I have?
I'm working with Checkmarx Software Composition Analysis. I started in this field of work in 2020. This is when I started using SonarQube in my previous company.
Checkmarx Software Composition Analysis can be deployed both on cloud and on-premises, but ours is deployed on-premises.
My advice to people who want to implement Checkmarx Software Composition Analysis is to use it, especially if their software development framework relies on open-source plugins or public open-source solutions. They would need a software composition analysis solution to scan for vulnerabilities in components, because a lot of issues and critical vulnerabilities come from public open-source framework, so my suggestion is for them to use Checkmarx Software Composition Analysis.
My rating for Checkmarx Software Composition Analysis is eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Very easy, user friendly, and stable
Pros and Cons
- "It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own."
- "It can have better licensing models."
What is our primary use case?
We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.
What is most valuable?
It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own.
What needs improvement?
It can have better licensing models.
For how long have I used the solution?
We have been working with Checkmarx for more than six years.
What do I think about the stability of the solution?
It is stable. I have never faced any issues.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and technical support?
It doesn't need any technical support, but when you open a ticket, you get a response on the same day. Sometimes, you get a response in an hour or two hours. They are a very dedicated organization.
How was the initial setup?
The initial setup is straightforward and very user friendly. It is a cloud product, so you don't need to install it. It is plug and play.
What other advice do I have?
I would recommend this solution. Checkmarx Software Composition Analysis is one of the most important products in the IT security market. According to the Gartner report, Checkmarx has been a leading company for the last three years.
I would rate Checkmarx Software Composition Analysis a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Checkmarx Software Composition Analysis Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Software Composition Analysis (SCA)Popular Comparisons
Sonatype Lifecycle
Fortify Static Code Analyzer
Polaris Software Integrity Platform
Buyer's Guide
Download our free Checkmarx Software Composition Analysis Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What tools do you rely on for building a DevSecOps pipeline?
- What alternatives are there for Fortify WebInspect and Fortify SCA?
- What is the best way to track open-source license compatibility?
- Why is Software Composition Analysis (SCA) important for companies?
- Differences between Black Duck & Veracode
- What SCA solution do you recommend?
- Is there an SCA solution that finds and fixes vulnerabilities?
- Can I get SCA in my IDE?
- How long does SCA scanning take?
- When evaluating Software Composition Analysis, what aspect do you think is the most important to look for?