Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs FortiDevSec comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Checkmarx One
Ranking in Vulnerability Management
21st
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
FortiDevSec
Ranking in Vulnerability Management
33rd
Average Rating
9.0
Reviews Sentiment
7.5
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (23rd)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Mohammed Jaffir - PeerSpot reviewer
Scans codes in CI/CD pipelines and identifies vulnerabilities
In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE. The most valuable feature is the ability to identify known vulnerabilities in applications by generating reports easily. This development gamification is very useful for developers. Compared to TechSmart and Fortify, FortiDevSec has similar features, but it is much easier to use because of its simple setup. SysTrack, for example, is not very simple. For the CI/CD pipeline, we only need to integrate a YAML file into the security process. Compared to other products, the tool requires fewer steps. We must integrate one file with the CI/CD pipeline, automatically pulling the code report to the repository. Using our API and username, it is easy to scan the environment. The tool's integration is also easy.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"The report function is the solution's greatest asset."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"Vulnerability details is valuable."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable feature is the application tracking reporting."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The solution is scalable, but other solutions are better."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx could improve by reducing the price."
"It is an expensive solution."
"Checkmarx could improve the speed of the scans."
"They could work to improve the user interface. Right now, it really is lacking."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The only drawback I see with FortiDevSec is the lack of extensions."
 

Pricing and Cost Advice

Information not available
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"It is the right price for quality delivery."
"The solution's price is high and you pay based on the number of users."
"The interface used to create custom rules comes at an additional cost."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The solution is costly."
Information not available
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
5%
Computer Software Company
17%
Financial Services Firm
11%
Insurance Company
11%
Construction Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What needs improvement with FortiDevSec?
The only drawback I see with FortiDevSec is the lack of extensions.
What advice do you have for others considering FortiDevSec?
We have implemented FortiDevSec for one customer for a year. It has been implemented successfully, and we haven't rec...
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: April 2025.
849,190 professionals have used our research since 2012.