Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs FortiDevSec comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Checkmarx One
Ranking in Vulnerability Management
21st
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
FortiDevSec
Ranking in Vulnerability Management
33rd
Average Rating
9.0
Reviews Sentiment
7.5
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (23rd)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Mohammed Jaffir - PeerSpot reviewer
Scans codes in CI/CD pipelines and identifies vulnerabilities
In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE. The most valuable feature is the ability to identify known vulnerabilities in applications by generating reports easily. This development gamification is very useful for developers. Compared to TechSmart and Fortify, FortiDevSec has similar features, but it is much easier to use because of its simple setup. SysTrack, for example, is not very simple. For the CI/CD pipeline, we only need to integrate a YAML file into the security process. Compared to other products, the tool requires fewer steps. We must integrate one file with the CI/CD pipeline, automatically pulling the code report to the repository. Using our API and username, it is easy to scan the environment. The tool's integration is also easy.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"If it is a very large code base then we have a problem where we cannot scan it."
"Implementing a blackout time for any user or teams: Needs improvement."
"The Dynamic Application Security Testing (DAST) feature should be better."
"The solution sometimes reports a false auditable code or false positive."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"The only drawback I see with FortiDevSec is the lack of extensions."
 

Pricing and Cost Advice

Information not available
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
Information not available
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
16%
Construction Company
11%
Insurance Company
11%
Financial Services Firm
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What needs improvement with FortiDevSec?
The only drawback I see with FortiDevSec is the lack of extensions.
What advice do you have for others considering FortiDevSec?
We have implemented FortiDevSec for one customer for a year. It has been implemented successfully, and we haven't rec...
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: March 2025.
845,040 professionals have used our research since 2012.