Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Checkmarx SAST comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (21st), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
Checkmarx SAST
Ranking in Static Application Security Testing (SAST)
20th
Average Rating
9.6
Reviews Sentiment
7.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Identifying code vulnerabilities swiftly with no need to complete the coding and offers good security
The primary use case of Checkmarx SAST is application security, specifically static application security testing. It is essential and the root of this concept I did not find measurable information about the financial benefits or return on investment. The most important competitive advantage and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Vulnerability details is valuable."
"One of the most valuable features is it is flexible."
"The user interface is excellent. It's very user friendly."
"The UI is user-friendly."
"It has all the features we need."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The value you can get out of the speedy production may be worth the price tag."
"The solution allows us to create custom rules for code checks."
"The most important feature is that Checkmarx protects our company against attacks."
"The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding."
"The most important feature is that Checkmarx protects our company against attacks."
 

Cons

"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"It is an expensive solution."
"The cost per user is high and should be reduced."
"Checkmarx could improve by reducing the price."
"The on-premises version is more expensive compared to the cloud version."
"We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue."
"We had some issues where Checkmarx did not recognize a vulnerability."
 

Pricing and Cost Advice

"It's relatively expensive."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"It is a good product but a little overpriced."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"It is an expensive solution."
"The number of users and coverage for languages will have an impact on the cost of the license."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
Information not available
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
26%
Computer Software Company
11%
Manufacturing Company
10%
Healthcare Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What is your experience regarding pricing and costs for Checkmarx SAST?
We were users in a small country, and we paid one consolidated bill for all the tools, so I don't know the specific amount for Checkmarx.
What needs improvement with Checkmarx SAST?
We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue.
What is your primary use case for Checkmarx SAST?
We integrated Checkmarx with our pipelines in Jenkins. We had it fully automated for static security scanning to protect our company against attacks.
 

Also Known As

No data available
SAST
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. Checkmarx SAST and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.