Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Fortify WebInspect comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 7, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in DevSecOps
2nd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (21st), Static Code Analysis (2nd), API Security (3rd), Risk-Based Vulnerability Management (8th)
Fortify WebInspect
Ranking in DevSecOps
7th
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd)
 

Mindshare comparison

As of April 2025, in the DevSecOps category, the mindshare of Checkmarx One is 16.3%, down from 22.3% compared to the previous year. The mindshare of Fortify WebInspect is 7.6%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
DevSecOps
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is scalable, but other solutions are better."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"One of the most valuable features is it is flexible."
"The most valuable feature is the application tracking reporting."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"It shows in-depth code of where actual vulnerabilities are."
"The report function is the solution's greatest asset."
"It is scalable and very easy to use."
"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"Technical support has been good."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It's a well-known platform for doing dynamic application scanning."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
 

Cons

"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"We can run only one project at a time."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The reports are good, but they still need to be improved considering what the UI offers."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"I would like WebInspect's scanning capability to be quicker."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The scanner could be better."
"Not sufficiently compatible with some of our systems."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."
"A localized version, for example, in Korean would be a big improvement to this solution."
"Creating reports is very slow and it is something that should be improved."
 

Pricing and Cost Advice

"The tool's pricing is fine."
"The number of users and coverage for languages will have an impact on the cost of the license."
"The solution is costly."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"It is the right price for quality delivery."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"Fortify WebInspect is a very expensive product."
"It’s a fair price for the solution."
"This solution is very expensive."
"The pricing is not clear and while it is not high, it is difficult to understand."
"The price is okay."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
report
Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
18%
Computer Software Company
15%
Government
14%
Manufacturing Company
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Fortify WebInspect can be a bit expensive. However, considering its stability and reliability in meeting current standards, the cost is justified. Still, making the cost more affordable for multipl...
What needs improvement with Fortify WebInspect?
I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of...
 

Also Known As

No data available
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Aaron's
Find out what your peers are saying about Checkmarx One vs. Fortify WebInspect and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.