Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Checkmarx SAST comparison

Checkmarx One and Checkmarx SAST are both solutions in the Static Application Security Testing (SAST) category. Checkmarx One is ranked #3 with an average rating of 7.9, while Checkmarx SAST is ranked #53. Additionally, 86% of Checkmarx One users are willing to recommend the solution, compared to 100% of Checkmarx SAST users who would recommend it.
Checkmarx One
Read 70 Checkmarx One reviews
  • 27,344 Views
  • 17,555 Comparison Views
86% willing to recommend
Checkmarx SAST
Read 1 Checkmarx SAST review
  • 54 Views
  • 43 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and Checkmarx SAST based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: October 2024).
Buyer's Guide
Static Application Security Testing (SAST)
October 2024
Download the complete report
Helped 813,572 peers since 2012
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Checkmarx SAST
Ranking in Static Application Security Testing (SAST)
53rd
Average Rating
10.0
Reviews Sentiment
7.3
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Read full review
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Oct 7, 2024
Identifying code vulnerabilities swiftly with no need to complete the coding and offers good security
The primary use case of Checkmarx SAST is application security, specifically static application security testing. It is essential and the root of this concept I did not find measurable information about the financial benefits or return on investment. The most important competitive advantage and…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"It is a stable product."
"The most valuable feature for me is the Jenkins Plugin."
"From my point of view, it is the best product on the market."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"Apart from software scanning, software composition scanning is valuable."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
More Checkmarx One pros
"The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding."
 

Cons

"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx needs to be more scalable for large enterprise companies."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
More Checkmarx One cons
"The on-premises version is more expensive compared to the cloud version."
 

Pricing and Cost Advice

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"The interface used to create custom rules comes at an additional cost."
"The tool's pricing is fine."
"The solution is costly."
"It is the right price for quality delivery."
More Checkmarx One pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
813,572 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
See all answers
Ask a question
Earn 20 points
 

Comparisons

SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 50% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 6% of the time
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Compared 4% of the time
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Compared 4% of the time
More Checkmarx One Competitors
No data available
 

Product Reports

Buyer's Guide
Checkmarx One
October 2024
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Static Application Security Testing (SAST)
October 2024
Checkmarx SAST reportDownload Checkmarx SAST product report
 

Also Known As

No data available
SAST
 

Learn More

Checkmarx
Checkmarx
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx SAST provides advanced static application security testing by identifying vulnerabilities in source code. It's ideal for ISOs, security professionals, and developers striving to secure applications during development.

Checkmarx SAST is known for its powerful code scanning capabilities that integrate seamlessly into existing development environments. It supports a wide range of programming languages, which makes it applicable for diverse development projects. Some users suggest improvements in the scan performance speed and enhanced support in handling false positives to further optimize workflow efficiency.

What are the standout features of Checkmarx SAST?
  • Language Support: Offers broad language support catering to multiple coding frameworks.
  • Integration Flexibility: Seamlessly integrates with existing CI/CD pipelines and developer tools.
  • Comprehensive Scanning: Detects security vulnerabilities early in the development process.
  • Detailed Reporting: Provides comprehensive reports that help prioritize remediation efforts.
What benefits and ROI should users consider?
  • Improved Security Posture: Enhances application security by catching vulnerabilities early.
  • Cost Efficiency: Reduces costs associated with post-deployment issue resolution.
  • Developer Empowerment: Allows developers to identify and fix issues independently.
  • Regulatory Compliance: Assists in meeting compliance requirements efficiently.

Implemented across various industries, Checkmarx SAST supports sectors like finance, healthcare, and technology with their stringent security requirements. By integrating seamlessly into existing workflows, it ensures that applications remain secure while not disrupting industry-specific processes.

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Buyer's Guide
Static Application Security Testing (SAST)
October 2024
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: October 2024.
DOWNLOAD NOW
813,572 professionals have used our research since 2012.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.