Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs FortiDevSec comparison

Checkmarx and Fortinet are both solutions in the Static Application Security Testing (SAST) category. Checkmarx is ranked #3 with an average rating of 7.9, while Fortinet is ranked #25 with an average rating of 9.0. Checkmarx holds a 12.1% mindshare in SAST, compared to Fortinet’s 0.2% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 100% of Fortinet users who would recommend it.
Checkmarx One
Read 70 Checkmarx One reviews
  • 24,101 Views
  • 15,776 Comparison Views
87% willing to recommend
FortiDevSec
Read 1 FortiDevSec review
  • 269 Views
  • 180 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and FortiDevSec based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: December 2024).
Buyer's Guide
Static Application Security Testing (SAST)
December 2024
Download the complete report
Helped 831,020 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Ranking in Vulnerability Management
20th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (7th)
FortiDevSec
Ranking in Static Application Security Testing (SAST)
25th
Ranking in Vulnerability Management
35th
Average Rating
9.0
Reviews Sentiment
7.5
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of January 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 12.1%, down from 13.9% compared to the previous year. The mindshare of FortiDevSec is 0.2%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Read full review
Mohammed Jaffir - PeerSpot reviewer
Scans codes in CI/CD pipelines and identifies vulnerabilities
In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE. The most valuable feature is the ability to identify known vulnerabilities in applications by generating reports easily. This development gamification is very useful for developers. Compared to TechSmart and Fortify, FortiDevSec has similar features, but it is much easier to use because of its simple setup. SysTrack, for example, is not very simple. For the CI/CD pipeline, we only need to integrate a YAML file into the security process. Compared to other products, the tool requires fewer steps. We must integrate one file with the CI/CD pipeline, automatically pulling the code report to the repository. Using our API and username, it is easy to scan the environment. The tool's integration is also easy.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the application tracking reporting."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
More Checkmarx One pros
"In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE."
 

Cons

"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The solution sometimes reports a false auditable code or false positive."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."
"I would like to see the DAST solution in the future."
"We can run only one project at a time."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"Checkmarx could improve the speed of the scans."
More Checkmarx One cons
"The only drawback I see with FortiDevSec is the lack of extensions."
 

Pricing and Cost Advice

"This solution is expensive. The customized package allows you to buy additional users at any time."
"The interface used to create custom rules comes at an additional cost."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"The solution is costly."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
More Checkmarx One pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
831,020 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
22%
Computer Software Company
15%
Manufacturing Company
10%
Government
6%
Computer Software Company
17%
Construction Company
15%
Financial Services Firm
11%
Insurance Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
See all answers
What needs improvement with FortiDevSec?
The only drawback I see with FortiDevSec is the lack of extensions.
See all answers
What advice do you have for others considering FortiDevSec?
We have implemented FortiDevSec for one customer for a year. It has been implemented successfully, and we haven't received any complaints from them. Since it's been used by only one customer, if we...
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Compared 47% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 5% of the time
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Compared 4% of the time
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Compared 4% of the time
More Checkmarx One Competitors
SonarQube Server (formerly SonarQube) vs FortiDevSec Logo
SonarQube Server (formerly SonarQube) vs FortiDevSec
Compared 66% of the time
Fortify on Demand vs FortiDevSec Logo
Fortify on Demand vs FortiDevSec
Compared 34% of the time
More FortiDevSec Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
January 2025
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Static Application Security Testing (SAST)
December 2024
FortiDevSec reportDownload FortiDevSec product report
 

Learn More

Checkmarx
Fortinet
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

FortiDevSec enhances application security by integrating seamlessly into development pipelines, facilitating early threat detection and mitigation. It supports continuous delivery models and ensures robust application defenses while maintaining efficient development workflows.

By embedding security into DevOps processes, FortiDevSec allows teams to address vulnerabilities during development. It automates security assessments, offering insights that help in reducing risk and improving compliance. Its integration capabilities streamline application security without disrupting developer productivity.

What are the key features of FortiDevSec?
  • Continuous Integration: Automates security checks within development workflows.
  • Comprehensive Analysis: Provides multi-vector scanning for thorough threat detection.
  • Risk-Based Prioritization: Identifies and prioritizes critical vulnerabilities.
  • Integration Compatibility: Easy integration with existing CI/CD tools.
What benefits can users expect from FortiDevSec?
  • Enhanced Security: Improves application protection by identifying security threats early.
  • Increased Efficiency: Reduces manual security assessment time with automation.
  • Compliance Support: Aids in aligning with industry security standards.
  • Cost Effectiveness: Minimizes costs associated with post-production vulnerability fixes.

Industries implementing FortiDevSec like finance and healthcare benefit from its ability to meet strict regulatory standards while ensuring secure and rapid application deployment. It supports integration into existing workflows, making it a valuable tool for maintaining compliance and protecting sensitive data.

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Buyer's Guide
Static Application Security Testing (SAST)
December 2024
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: December 2024.
DOWNLOAD NOW
831,020 professionals have used our research since 2012.
See our list of best Static Application Security Testing (SAST) vendors and best Vulnerability Management vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.