Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Fortify WebInspect comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 7, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in DevSecOps
2nd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (21st), Static Code Analysis (2nd), API Security (3rd), Risk-Based Vulnerability Management (8th)
Fortify WebInspect
Ranking in DevSecOps
7th
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
21
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd)
 

Mindshare comparison

As of April 2025, in the DevSecOps category, the mindshare of Checkmarx One is 16.3%, down from 22.3% compared to the previous year. The mindshare of Fortify WebInspect is 7.6%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
DevSecOps
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Both automatic and manual code review (CxQL) are valuable."
"The UI is very intuitive and simple to use."
"The most valuable feature of this solution is the ability to make our customers more secure."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"It's a well-known platform for doing dynamic application scanning."
"The solution's technical support was very helpful."
"The transaction recorder within WebInspect is easy to use, which is valuable for our team."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The user interface is ok and it is very simple to use."
 

Cons

"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"Checkmarx needs to be more scalable for large enterprise companies."
"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"The initial setup was complex."
"Not sufficiently compatible with some of our systems."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"A localized version, for example, in Korean would be a big improvement to this solution."
"We have had a problem with authentification."
"One thing I would like to see them introduce is a cloud-based platform."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."
 

Pricing and Cost Advice

"The interface used to create custom rules comes at an additional cost."
"The solution is costly."
"I believe pricing is better compared to other commercial tools."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"It is a good product but a little overpriced."
"For around 250 users or committers, the cost is approximately $500,000."
"It's relatively expensive."
"The tool's pricing is fine."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"Fortify WebInspect is a very expensive product."
"The price is okay."
"This solution is very expensive."
"The pricing is not clear and while it is not high, it is difficult to understand."
"It’s a fair price for the solution."
report
Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
5%
Financial Services Firm
17%
Computer Software Company
14%
Government
14%
Manufacturing Company
12%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Fortify WebInspect can be a bit expensive. However, considering its stability and reliability in meeting current standards, the cost is justified. Still, making the cost more affordable for multipl...
What needs improvement with Fortify WebInspect?
I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of...
 

Also Known As

No data available
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Aaron's
Find out what your peers are saying about Checkmarx One vs. Fortify WebInspect and other solutions. Updated: March 2025.
849,190 professionals have used our research since 2012.