What advice do you have for others considering Checkmarx Software Composition Analysis?

I rate the solution a ten out of ten. I would highly recommend it to others.

I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.

Once you become familiar with how to use it, the application is very user-friendly. It's stable, regularly updated, and provides detailed information about identified issues, such as which Common Vulnerabilities and Exposures (CVE) is problematic and how to prevent or resolve the issue. It's an excellent tool.

Overall, I would rate the solution an eight out of ten.

I recommend Checkmarx Software Composition Analysis and rate it a ten out of ten.

I recommend the solution to other people who want to start using it. If the dashboard is completed, then it will be in production and used at our end. Also, it will be a good product in the market for SaaS test and API security. Since the dashboard is in beta form right now, I rate the overall solution a nine out of ten.

It's one of the best in the market, honestly. Overall, I would rate the product a nine out of ten. And I didn't score it ten because of the weakness in the support. I know from the past that the support used to be better because I had been working with Checkmarx for over ten years.

My company is a Checkmarx Software Composition Analysis partner. The solution is cloud-based, so it doesn't have a specific version. When Checkmarx markets a product, the product version isn't mentioned. Checkmarx Software Composition Analysis is SaaS, so the customer just gets the account then he can log onto the platform and use it online. My advice to anyone looking into implementing the solution is that you need to know about open-source security, particularly open-source software fundamentals. It's knowing not just open-source vulnerabilities which Checkmarx Software Composition Analysis scans, but legal information as well. The solution doesn't just detect vulnerabilities. It also detects legal risks, for example, if you're using a copyrighted open-source license or a permissive license, etc. I'm rating Checkmarx Software Composition Analysis ten out of ten.

I'm working with Checkmarx Software Composition Analysis. I started in this field of work in 2020. This is when I started using SonarQube in my previous company. Checkmarx Software Composition Analysis can be deployed both on cloud and on-premises, but ours is deployed on-premises. My advice to people who want to implement Checkmarx Software Composition Analysis is to use it, especially if their software development framework relies on open-source plugins or public open-source solutions. They would need a software composition analysis solution to scan for vulnerabilities in components, because a lot of issues and critical vulnerabilities come from public open-source framework, so my suggestion is for them to use Checkmarx Software Composition Analysis. My rating for Checkmarx Software Composition Analysis is eight out of ten.

I would rate Checkmarx Software Composition Analysis a nine out of ten.

I would recommend this solution. Checkmarx Software Composition Analysis is one of the most important products in the IT security market. According to the Gartner report, Checkmarx has been a leading company for the last three years. I would rate Checkmarx Software Composition Analysis a nine out of ten.