Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Rapid7 AppSpider comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
28th
Average Rating
7.8
Number of Reviews
13
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 12.8%, down from 13.8% compared to the previous year. The mindshare of Rapid7 AppSpider is 0.5%, down from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Andrei Bigdan - PeerSpot reviewer
May 4, 2023
Useful vulnerability reporting data, flexible, and simple implementation
I am using Rapid7 AppSpider for vulnerability assessment The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Less false positive errors as compared to any other solution."
"Scan reviews can occur during the development lifecycle."
"Helps us check vulnerabilities in our SAP Fiori application."
"The UI is very intuitive and simple to use."
"The SAST component was absolutely 100% stable."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The most valuable feature is the reporting, which is compliant with international standards."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The setup is usually straightforward."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
 

Cons

"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Checkmarx is not good because it has too many false positive issues."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The integration could improve by including, for example, DevSecOps."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The solution sometimes reports a false auditable code or false positive."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"Integration could be better."
"The dashboard and interface are crucial and they need some improvement."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The enterprise interface is too simple. It should be more customizable."
"AppSpider has some problems with the RAM needed while scanning."
"There are some glitches with stability, and it is an area for improvement."
 

Pricing and Cost Advice

"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"It is an expensive solution."
"We have purchased an annual license to use this solution. The price is reasonable."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The number of users and coverage for languages will have an impact on the cost of the license."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"The licensing cost depends on the number of users."
"The price is pretty fair."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
17%
Financial Services Firm
16%
Government
9%
Healthcare Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Rapid7 AppSpider?
The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate a...
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor. The price of the s...
What needs improvement with Rapid7 AppSpider?
The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution.
 

Also Known As

No data available
AppSpider
 

Learn More

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Microsoft
Find out what your peers are saying about Checkmarx One vs. Rapid7 AppSpider and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.