
Checkmarx One vs Fortify Static Code Analyzer comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Dec 19, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score: 7.5
Checkmarx One enhances security, speeds delivery, reduces costs, and returns ROI within six months for some users.
Sentiment score: 8.3
Fortify Static Code Analyzer provides cost-effective early vulnerability detection, yielding substantial ROI and enhancing security and development efficiency.
 

Customer Service

Sentiment score: 7.1
Checkmarx One provides generally positive support, but response delays and unresolved tickets challenge some users, despite skilled assistance.
Sentiment score: 6.7
Fortify Static Code Analyzer support is praised for responsiveness, but some desire improved handling of complex issues and modern options.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
 

Scalability Issues

Sentiment score: 7.1
Checkmarx One offers strong scalability, supports automation, and manages scan engines, though it may face processing time and licensing cost constraints.
Sentiment score: 8.0
Fortify Static Code Analyzer is highly scalable, efficiently handles large codebases, and integrates well with DevOps pipelines.
 

Stability Issues

Sentiment score: 7.1
Checkmarx One is generally stable, but users report occasional crashes and performance issues, with stability ratings varying from 4 to 10.
Sentiment score: 7.5
Fortify Static Code Analyzer is stable and reliable, with minor versioning issues affecting stability across different setups.
The stability of Fortify Static Code Analyzer is generally good.
 

Room For Improvement

Checkmarx One requires enhancements in false positive reduction, language support, pricing, role management, UI, and support response time.
Fortify needs better language support, user interface, integration, and resource management, with improved configuration and pricing for small businesses.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
 

Setup Cost

Checkmarx One's pricing is costly but justified by its flexibility, competitive pricing, and enhanced security for enterprises.
Fortify Static Code Analyzer is seen as pricey but valued for flexibility and capability, best for larger enterprises.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
 

Valuable Features

Checkmarx One offers advanced code analysis, seamless repository integration, and user-friendly features for efficient security testing and vulnerability management.
Fortify Static Code Analyzer enhances DevOps with flexible, automated code analysis, real-time alerts, and comprehensive integration and compliance tools.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
 

Categories and Ranking

Checkmarx One
Ranking in Static Code Analysis: 2nd
Average Rating: 7.6
Reviews Sentiment: 6.9
Number of Reviews: 70
Ranking in other categories: Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (21st), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)

Fortify Static Code Analyzer
Ranking in Static Code Analysis: 3rd
Average Rating: 8.2
Reviews Sentiment: 7.1
Number of Reviews: 17
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Static Code Analysis category, the mindshare of Checkmarx One is 20.1%, down from 24.5% the previous year. The mindshare of Fortify Static Code Analyzer is 11.9%, up from 9.5% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Static Code Analysis
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmarx has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Aphiwat Leetavorn. - PeerSpot reviewer
Provides extensive language support and enhances secure coding practices
The deployment of Fortify Static Code Analyzer needs to be simplified. It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers. This change would facilitate easier installations and ensure all necessary components are connected and ready to use.
845,564 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
30%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Fortify Static Code Analyzer?
Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like pa...
What is your experience regarding pricing and costs for Fortify Static Code Analyzer?
I rate the pricing of Fortify Static Code Analyzer as a seven out of ten since it is a bit expensive.
What needs improvement with Fortify Static Code Analyzer?
False positives need improvement in the future. Fortify's vulnerability remediation guidance helps improve code security, but I think they need to improve the focus of the solution, as it still Con...
 

Also Known As

No data available
Fortify Static Code Analysis SAST
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. Fortify Static Code Analyzer and other solutions. Updated: March 2025.