Checkmarx is ranked 4th, while Veracode is ranked 1st with 39 reviews. Checkmarx is rated 8.0, while Veracode is rated 8.2.
The top reviewer of Checkmarx writes "Works well with Windows servers but no Linux support and takes too long to scan files".
On the other hand, the top reviewer of Veracode writes "Enables us to automatically submit each new build for scanning and get results directly into our JIRA".
Checkmarx is most compared with SonarQube, Veracode and Micro Focus Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx and Micro Focus Fortify on Demand.
Veracode has offered a dynamic analysis testing solution for several years, having launched our first offering in 2015. Veracode’s DAST product line offers the ideal solution to find all of the sites on your web perimeter, including the ones that you did not know about, and run a comprehensive DAST scan of the websites you are securing. Veracode Dynamic Analysis scans Single Page Apps and apps built with Angular and React Vue.js frameworks. Veracode Dynamic Analysis provides scanning automation to configure, schedule, and kick-off scans using REST APIs. We offer integrations with Jira and Jenkins to help streamline your processes. While we are new entrants into the IAST market, we’re confident that Veracode Interactive Analysis can meet the needs of the market. Veracode’s IAST product installs in the pipeline with a lightweight, multi-language agent that delivers high-quality results. Veracode Interactive Analysis covers multiple languages to simplify CICD tooling and adds only 3% to pipeline timelines.
In order to run correctly, Veracode needs executables compiled with debug, that is not so different from having source code, but configuration files checking will be excluded from the analysis. The quality of detections of CheckMarx is superior, as well as the number of supported programming languages. Further, the Veracode company's stability was recently mined by a further recent acquisition. Between those products I haven't any doubt to choose Checkmarx
Vice President, Strategy & Innovation Office, Programmable Solutions Group at a tech vendor with 10,001+ employees
User
Feb 2, 2020
Checkmarx can be deploy on private , Veracode only support the Saas Model . But in China I think that is better for Appscan which include black box and white box function . Any question can contact SYSTIME CHINA . (Apple@systime.com.cn)
Veracode and Checkmarx One compete in the application security testing category. Veracode seems to have an edge due to its comprehensive AppSec training and integration capabilities.Features: Veracode offers robust scanning capabilities and an API for seamless integration, making it ideal for automated DevOps environments like Jenkins. Its comprehensive vulnerability management includes static, dynamic, and software composition analysis, all within a SaaS model, reducing infrastructure...
JaeLee, check out our comparison page hereof Veracode vs Checkmarx: https://www.itcentralstation.c...
Checkmarx is ranked 4th, while Veracode is ranked 1st with 39 reviews. Checkmarx is rated 8.0, while Veracode is rated 8.2.
The top reviewer of Checkmarx writes "Works well with Windows servers but no Linux support and takes too long to scan files".
On the other hand, the top reviewer of Veracode writes "Enables us to automatically submit each new build for scanning and get results directly into our JIRA".
Checkmarx is most compared with SonarQube, Veracode and Micro Focus Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx and Micro Focus Fortify on Demand.
Veracode has offered a dynamic analysis testing solution for several years, having launched our first offering in 2015. Veracode’s DAST product line offers the ideal solution to find all of the sites on your web perimeter, including the ones that you did not know about, and run a comprehensive DAST scan of the websites you are securing. Veracode Dynamic Analysis scans Single Page Apps and apps built with Angular and React Vue.js frameworks. Veracode Dynamic Analysis provides scanning automation to configure, schedule, and kick-off scans using REST APIs. We offer integrations with Jira and Jenkins to help streamline your processes. While we are new entrants into the IAST market, we’re confident that Veracode Interactive Analysis can meet the needs of the market. Veracode’s IAST product installs in the pipeline with a lightweight, multi-language agent that delivers high-quality results. Veracode Interactive Analysis covers multiple languages to simplify CICD tooling and adds only 3% to pipeline timelines.
In order to run correctly, Veracode needs executables compiled with debug, that is not so different from having source code, but configuration files checking will be excluded from the analysis. The quality of detections of CheckMarx is superior, as well as the number of supported programming languages. Further, the Veracode company's stability was recently mined by a further recent acquisition. Between those products I haven't any doubt to choose Checkmarx
Veracode is very new in DAST and IAST, Checkmarx is offering that since longer time and is more experienced.
Checkmarx can be deploy on private , Veracode only support the Saas Model . But in China I think that is better for Appscan which include black box and white box function . Any question can contact SYSTIME CHINA . (Apple@systime.com.cn)
www.gartner.com/reviews/market/application-security-testing/compare/checkmarx-vs-veracode