We performed a comparison between Checkmarx One and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The administration in Checkmarx is very good."
"The user interface is excellent. It's very user friendly."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The solution communicates where to fix the issue for the purpose of fewer iterations."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Apart from software scanning, software composition scanning is valuable."
"We use the solution to validate the source code and do SAST and security analysis."
"The solution is scalable, but other solutions are better."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The application scanning feature is the most valuable feature."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"It has improved my organization with faster security tests."
"The solution has tightened our security."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"It's great that we can use it with Portswigger Burp."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The validation process needs to be sped up."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx could improve by reducing the price."
"Implementing a blackout time for any user or teams: Needs improvement."
"The forced browse has been incorporated into the program and it is resource-intensive."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"Sometimes, we get some false positives."
"Deployment is somewhat complicated."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"The product should allow users to customize the report based on their needs."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"Lacks resources where users can internally access a learning module from the tool."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Checkmarx One is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify Application Defender, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify WebInspect. See our Checkmarx One vs. OWASP Zap report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.