Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Fortify WebInspect comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 7, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in DevSecOps
2nd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (21st), Static Code Analysis (2nd), API Security (3rd), Risk-Based Vulnerability Management (8th)
Fortify WebInspect
Ranking in DevSecOps
7th
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd)
 

Mindshare comparison

As of April 2025, in the DevSecOps category, the mindshare of Checkmarx One is 16.3%, down from 22.3% compared to the previous year. The mindshare of Fortify WebInspect is 7.6%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
DevSecOps
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the simple user interface."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The value you can get out of the speedy production may be worth the price tag."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"It is scalable and very easy to use."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The solution's technical support was very helpful."
"Good at scanning and finding vulnerabilities."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The accuracy of its scans is great."
 

Cons

"It would be really helpful if the level of confidence was included, with respect to identified issues."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"Its user interface could be improved and made more friendly."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Meta data is always needed."
"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."
"Not sufficiently compatible with some of our systems."
"The scanner could be better."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"I would like WebInspect's scanning capability to be quicker."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
 

Pricing and Cost Advice

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The solution is costly."
"For around 250 users or committers, the cost is approximately $500,000."
"The interface used to create custom rules comes at an additional cost."
"It is a good product but a little overpriced."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"The price is okay."
"The pricing is not clear and while it is not high, it is difficult to understand."
"It’s a fair price for the solution."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"This solution is very expensive."
"Fortify WebInspect is a very expensive product."
report
Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
18%
Computer Software Company
15%
Government
14%
Manufacturing Company
12%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Fortify WebInspect can be a bit expensive. However, considering its stability and reliability in meeting current standards, the cost is justified. Still, making the cost more affordable for multipl...
What needs improvement with Fortify WebInspect?
I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of...
 

Also Known As

No data available
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Aaron's
Find out what your peers are saying about Checkmarx One vs. Fortify WebInspect and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.