Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Checkmarx SAST comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (21st), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
Checkmarx SAST
Ranking in Static Application Security Testing (SAST)
20th
Average Rating
9.6
Reviews Sentiment
7.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Identifying code vulnerabilities swiftly with no need to complete the coding and offers good security
The primary use case of Checkmarx SAST is application security, specifically static application security testing. It is essential and the root of this concept I did not find measurable information about the financial benefits or return on investment. The most important competitive advantage and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"Less false positive errors as compared to any other solution."
"One of the most valuable features is it is flexible."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"It shows in-depth code of where actual vulnerabilities are."
"We use the solution to validate the source code and do SAST and security analysis."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The user interface is excellent. It's very user friendly."
"The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding."
"The most important feature is that Checkmarx protects our company against attacks."
"The most important feature is that Checkmarx protects our company against attacks."
 

Cons

"Its user interface could be improved and made more friendly."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The Dynamic Application Security Testing (DAST) feature should be better."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx could improve the REST APIs by including automation."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"We had some issues where Checkmarx did not recognize a vulnerability."
"The on-premises version is more expensive compared to the cloud version."
"We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue."
 

Pricing and Cost Advice

"I believe pricing is better compared to other commercial tools."
"The interface used to create custom rules comes at an additional cost."
"The tool's pricing is fine."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
Information not available
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
5%
Financial Services Firm
26%
Computer Software Company
13%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What is your experience regarding pricing and costs for Checkmarx SAST?
We were users in a small country, and we paid one consolidated bill for all the tools, so I don't know the specific amount for Checkmarx.
What needs improvement with Checkmarx SAST?
We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue.
What is your primary use case for Checkmarx SAST?
We integrated Checkmarx with our pipelines in Jenkins. We had it fully automated for static security scanning to protect our company against attacks.
 

Also Known As

No data available
SAST
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. Checkmarx SAST and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.