Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Fortify Software Security Center comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Fortify Software Security C...
Ranking in Static Application Security Testing (SAST)
27th
Average Rating
7.8
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 12.8%, down from 13.8% compared to the previous year. The mindshare of Fortify Software Security Center is 0.3%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Kibeom Kim - PeerSpot reviewer
Jun 11, 2024
Has a good collaboration function and is a centralized software solution
We use the product to scan results, store and display data from Azure, identify scan results, analyze, report, and access company data The platform's most effective for identifying vulnerabilities features are the Fortify audit workbench and the collaboration module, which allow developers and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"One of the most valuable features is it is flexible."
"Vulnerability details is valuable."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"From my point of view, it is the best product on the market."
"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"This is a stable solution at the end of the day."
"You can easily download the tool's rule packs and update them."
 

Cons

"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"I would like to see the DAST solution in the future."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Meta data is always needed."
"They could work to improve the user interface. Right now, it really is lacking."
"We can run only one project at a time."
"The cost per user is high and should be reduced."
"Checkmarx needs to be more scalable for large enterprise companies."
"Fortify Software Security Center's setup is really painful."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."
"We are having issues with false positives that need to be resolved."
 

Pricing and Cost Advice

"The solution's price is high and you pay based on the number of users."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"It is a good product but a little overpriced."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"We have purchased an annual license to use this solution. The price is reasonable."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."
"This is a costly solution that could be cheaper."
"The solution is priced fair."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Manufacturing Company
20%
Financial Services Firm
14%
Computer Software Company
10%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Micro Focus Software Security Center?
You can easily download the tool's rule packs and update them.
What is your experience regarding pricing and costs for Micro Focus Software Security Center?
As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available. I would rate the pricing a seven.
What needs improvement with Micro Focus Software Security Center?
The product's overlap feature is restrictive and requires more customization efforts, which can be expensive.
 

Also Known As

No data available
Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon
Find out what your peers are saying about Checkmarx One vs. Fortify Software Security Center and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.