Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Seeker comparison

Checkmarx and Black Duck are both solutions in the API Security category. Checkmarx is ranked #2 with an average rating of 7.9, while Black Duck is ranked #15. Additionally, 86% of Checkmarx users are willing to recommend the solution, compared to 100% of Black Duck users who would recommend it.
Checkmarx One
Read 70 Checkmarx One reviews
  • 303 Views
  • 207 Comparison Views
86% willing to recommend
Seeker
Read 1 Seeker review
  • 84 Views
  • 57 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and Seeker based on real PeerSpot user reviews.

Find out what your peers are saying about Akamai, Checkmarx, Salt Security and others in API Security.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed API Security Report (Updated: December 2024).
Buyer's Guide
API Security
December 2024
Download the complete report
Helped 824,053 peers since 2012
 

Categories and Ranking

Checkmarx One
Ranking in API Security
2nd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (20th), Static Code Analysis (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (6th)
Seeker
Ranking in API Security
15th
Average Rating
7.0
Reviews Sentiment
6.9
Number of Reviews
1
Ranking in other categories
Internet Security (19th), Mobile Threat Defense (14th)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Read full review
San K - PeerSpot reviewer
More effective than dynamic scanners, but is missing useful learning capabilities
One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has all the features we need."
"Helps us check vulnerabilities in our SAP Fiori application."
"Apart from software scanning, software composition scanning is valuable."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The UI is user-friendly."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The SAST component was absolutely 100% stable."
"Our static operation security has been able to identify more security issues since implementing this solution."
More Checkmarx One pros
"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
 

Cons

"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Checkmarx needs to be more scalable for large enterprise companies."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The cost per user is high and should be reduced."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Checkmarx could improve the REST APIs by including automation."
More Checkmarx One cons
"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
 

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
More Checkmarx One pricing and cost advice
"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."
report
See which vendors are best for you
Use our free recommendation engine to learn which API Security solutions are best for your needs.
See recommendations
824,053 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
22%
Computer Software Company
15%
Manufacturing Company
10%
Government
6%
Financial Services Firm
23%
Computer Software Company
16%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
See all answers
Ask a question
Earn 20 points
 

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Compared 48% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 5% of the time
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Compared 4% of the time
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Compared 4% of the time
More Checkmarx One Competitors
Contrast Security Assess vs Seeker Logo
Contrast Security Assess vs Seeker
Compared 26% of the time
Coverity vs Seeker Logo
Coverity vs Seeker
Compared 24% of the time
Synopsys API Security Testing vs Seeker Logo
Synopsys API Security Testing vs Seeker
Compared 14% of the time
SonarQube Server (formerly SonarQube) vs Seeker Logo
SonarQube Server (formerly SonarQube) vs Seeker
Compared 12% of the time
PortSwigger Burp Suite Professional vs Seeker Logo
PortSwigger Burp Suite Professional vs Seeker
Compared 7% of the time
More Seeker Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
December 2024
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Internet Security
November 2024
Seeker reportDownload Seeker product report
 

Learn More

Checkmarx
Black Duck
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Seeker®, interactive application security testing (IAST) solution, gives you unparalleled visibility into your modern web, cloud based and microservices based app security posture. It automatically verifies, prioritizes and reports on critical vulnerabilities in real time. It identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed.
 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
El Al Airlines and Société Française du Radiotelephone
Buyer's Guide
API Security
December 2024
Download Free Report
Find out what your peers are saying about Akamai, Checkmarx, Salt Security and others in API Security. Updated: December 2024.
DOWNLOAD NOW
824,053 professionals have used our research since 2012.
See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.