Checkmarx One vs NGINX App Protect comparison

Checkmarx and F5 are both solutions in the API Security category. Checkmarx is ranked #2 with an average rating of 7.9, while F5 is ranked #4 with an average rating of 8.8. Additionally, 86% of Checkmarx users are willing to recommend the solution, compared to 95% of F5 users who would recommend it.

Checkmarx One

Read 70 Checkmarx One reviews

317 Views
209 Comparison Views

86% willing to recommend

NGINX App Protect

Read 22 NGINX App Protect reviews

360 Views
271 Comparison Views

95% willing to recommend

Checkmarx One

NGINX App Protect

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.

Find out in this report how the two API Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. NGINX App Protect Report (Updated: October 2024).

Buyer's Guide

Checkmarx One vs. NGINX App Protect

October 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Checkmarx One

Ranking in API Security

2nd

Average Rating

7.6

Reviews Sentiment

7.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

NGINX App Protect

Ranking in API Security

4th

Average Rating

8.4

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (16th), Container Security (21st)

Featured Reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven.

Feb 19, 2024

Provides good security analysis and security identification within the source code

We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…

Read full review

Tomaz Sobczak

Security System Engineer at Ascomp S.A.

Jun 25, 2024

Signature-based detection, DOS protection, and bot protection

NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks. NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The UI is very intuitive and simple to use."

"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."

"Less false positive errors as compared to any other solution."

"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."

"It is a stable product."

"Helps us check vulnerabilities in our SAP Fiori application."

"The most valuable feature is the application tracking reporting."

"The user interface is excellent. It's very user friendly."

More Checkmarx One pros

"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."

"The initial setup was simple and took three to four days."

"It has the best documentation features."

"I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes."

"The most valuable feature is that I can establish different services from the firewall."

"We were looking for a product that is capable of complete automation and a container based solution. It's working."

"It is a stable solution."

"The tool is not complex and is very user-friendly."

More NGINX App Protect pros

Cons

"I would like to see the tool’s pricing improved."

"The cost per user is high and should be reduced."

"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."

"The solution's user interface could be improved because it seems outdated."

"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."

"Checkmarx could improve by reducing the price."

"The validation process needs to be sped up."

"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."

More Checkmarx One cons

"The dashboard could provide a more comprehensive view of the status of the connections."

"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."

"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."

"The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month."

"The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good."

"The integration of NGINX App Protect could improve."

"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."

"It's challenging if you need to go for a high throughput."

More NGINX App Protect cons

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"Be cautious of the one-year subscription date. Once it expires, your price will go up."

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."

"The solution's price is high and you pay based on the number of users."

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"We have purchased an annual license to use this solution. The price is reasonable."

"The number of users and coverage for languages will have an impact on the cost of the license."

More Checkmarx One pricing and cost advice

"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."

"NGINX is not expensive."

"There are not any additional costs we had to pay to use NGINX App Protect."

"The product's price is high."

"The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."

"NGINX App Protect is expensive."

"Our licensing costs are about $40,000 a year."

"There are no additional fees."

More NGINX App Protect pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which API Security solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

15%

Manufacturing Company

10%

Government

Computer Software Company

20%

Financial Services Firm

13%

Manufacturing Company

Energy/Utilities Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about NGINX App Protect?

It's very easy to deploy.

See all answers

What is your experience regarding pricing and costs for NGINX App Protect?

The product's price is high.

See all answers

What needs improvement with NGINX App Protect?

The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good. The product should have more documentation, especially like t...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 50% of the time

Veracode vs Checkmarx One

Compared 14% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Coverity vs Checkmarx One

Compared 4% of the time

Snyk vs Checkmarx One

Compared 4% of the time

More Checkmarx One Competitors

Microsoft Azure Application Gateway vs NGINX App Protect

Compared 22% of the time

Fortinet FortiWeb vs NGINX App Protect

Compared 16% of the time

AWS WAF vs NGINX App Protect

Compared 11% of the time

F5 Advanced WAF vs NGINX App Protect

Compared 11% of the time

open-appsec vs NGINX App Protect

Compared 8% of the time

More NGINX App Protect Competitors

Product Reports

Buyer's Guide

Checkmarx One

November 2024

Download Checkmarx One product report

Buyer's Guide

NGINX App Protect

October 2024

Download NGINX App Protect product report

Also Known As

No data available

NGINX WAF, NGINX Web Application Firewall

Learn More

Checkmarx

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

Integrating security controls directly into the development automation pipeline
Applying and managing security for modern and distributed application environments such as containers and microservices
Providing the right level of security controls without impacting release and go-to-market velocity
Complying with security and regulatory requirements

NGINX App Protect offers:

Expanded security beyond basic signatures to ensure adequate controls
F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
Confidently run in “blocking” mode in production with proven F5 expertise
High‑confidence signatures for extremely low false positives
Increases visibility, integrating with third‑party analytics solutions
Integrates security and WAF natively into the CI/CD pipeline
Deploys as a lightweight software package that is agnostic of underlying infrastructure
Facilitates declarative policies for “security as code” and integration with DevOps tools
Decreases developer burden and provides feedback loop for quick security remediation
Accelerates time to market and reduces costs with DevSecOps‑automated security

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Information Not Available

Buyer's Guide

Checkmarx One vs. NGINX App Protect

October 2024

Free Report: Checkmarx One vs. NGINX App Protect

Find out what your peers are saying about Checkmarx One vs. NGINX App Protect and other solutions. Updated: October 2024.

DOWNLOAD NOW

814,649 professionals have used our research since 2012.

See our Checkmarx One vs. NGINX App Protect report.

See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.