Try our new research platform with insights from 80,000+ expert users
Checkmarx One Logo

Checkmarx One Reviews

Vendor: Checkmarx
3.8 out of 5
Badge Leader
Leave a review

What is Checkmarx One?

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Get the Checkmarx One Buyer's Guide and find out what your peers are saying about Checkmarx One, SonarQube Server (formerly SonarQube), Wiz and more!
Checkmarx One is the #3 ranked solution in application security solutions, #3 ranked solution in AST tools, #3 ranked solution in top Static Code Analysis solutions, #4 ranked solution in API Security Solutions, #4 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #4 ranked solution in top DevSecOps solutions, #9 ranked solution in top Risk-Based Vulnerability Management solutions, #22 ranked solution in Container Security Solutions, and #23 ranked solution in top Vulnerability Management solutions. PeerSpot users give Checkmarx One an average rating of 7.6 out of 10. Checkmarx One is most commonly compared to SonarQube Server (formerly SonarQube): Checkmarx One vs SonarQube Server (formerly SonarQube). Checkmarx One is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.
Buyer's Guide
Checkmarx One
August 2025
Get the report
Helped 866,218 peers since 2012

Featured Checkmarx One reviews

Read more reviews

Checkmarx One mindshare

Product category:
Application Security Tools
As of August 2025, the mindshare of Checkmarx One in the Application Security Tools category stands at 10.3%, down from 13.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
Checkmarx One10.3%
SonarQube Server (formerly SonarQube)22.4%
Veracode8.8%
Other58.5%
Application Security Tools

PeerResearch reports based on Checkmarx One reviews

TypeTitleDate
CategoryApplication Security ToolsAug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonCheckmarx One vs SonarQube Server (formerly SonarQube)Aug 29, 2025Download
ComparisonCheckmarx One vs VeracodeAug 29, 2025Download
ComparisonCheckmarx One vs GitHub Advanced SecurityAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
SonarQube Server (formerly SonarQube)4.022.4%81%116 interviewsAdd to research
Wiz4.5N/A95%22 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Checkmarx One offers valuable features like vulnerability identification with detailed reports, easy-to-use interface, and integration with key platforms. It supports multiple programming languages without code compilation, reducing false positives and negatives. Users appreciate its comprehensive scanning for both SAST and SCA, intuitive user interface, quick scanning speed, and configurable reporting. It provides clarity in pinpointing vulnerabilities and recommended fixes, enhancing developers' secure coding capabilities while being user-friendly and effective for various organizations.
  • "I have seen a return on investment from Checkmarx One."
  • "Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
  • "The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."

Room for Improvement

Checkmarx One requires improvements in reducing false positives, enhancing role management, and expanding language support. Integrations with third-party tools and more flexible licensing are needed. The user interface and reporting features could be more intuitive, while scanning speed and dynamic testing capabilities should be optimized. Better customization in dashboarding and diagnostic feedback in the GUI can enhance user experience. Support for emerging technologies and comprehensive tutorials are also desired enhancements.
  • "Some were valid and some were not applicable for us based on the scenario."
  • "The Dynamic Application Security Testing (DAST) feature should be better."
  • "Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."

ROI

Checkmarx One offers significant benefits by enhancing security during development, leading to faster, secure solution delivery. It identifies issues early, saving on troubleshooting costs and expediting production timelines significantly. Organizations report that the use of Checkmarx One finds code issues early, avoids costly breaches, and improves security practices. Despite some instances of uncertain return due to limited use, others confidently commit to it long-term, citing strong ROI across various security aspects.

Pricing

Checkmarx One licensing is often described as expensive, with various costs influencing the total price, such as user numbers, lines of code, and additional services. Many users find the pricing justified due to its flexibility and high-quality security features, though some note the need for clearer licensing details. Negotiations can offer discounts or custom packages. While some find it more costly than competitors, others appreciate its value for comprehensive application security.
  • "For around 250 users or committers, the cost is approximately $500,000."
  • "The tool's pricing is fine."
  • "The solution's price is high and you pay based on the number of users."

Popular Use Cases

Checkmarx One is primarily used for static application security testing, focusing on source code scanning to identify security vulnerabilities during software development. Users conduct periodic scans, evaluating code quality and adherence to compliance policies, while assessing potential vulnerabilities in applications hosted on various platforms. It integrates well with SCM solutions for efficient code scanning across numerous repositories, helping development and security teams detect, address, and rectify security flaws at an early stage.

Service and Support

Checkmarx One's customer service and support are consistently rated positively. Many express satisfaction with their knowledgeable and responsive support teams, highlighting swift response times and expert assistance. Some mention the value of dedicated account managers and effective resolutions, though others note occasional delays and ticket closure issues. Overall, the feedback reflects robust performance but with room for quicker service and more consistent response times. Most users rate the experience between seven and nine out of ten.

Deployment

Users find Checkmarx One's initial setup generally easy and straightforward, typically requiring minimal time and effort. Proper documentation helps guide users through the process. Some experiences differ, however, as users may encounter complexities requiring technical expertise or support interaction, especially when dealing with specific configurations or environments. While most users manage setup efficiently within a day, others experience longer durations due to additional parameters or integration with DevOps tools and larger setups.

Scalability

Checkmarx One scales effectively for diverse user bases. Many found it easily adjustable, supporting both small teams and larger organizations. Some mentioned its potential with appropriate resource allocation, while others pointed out limitations without sufficient memory. Licensing can affect scalability, but concurrent scans facilitate handling multiple projects. Users generally gave high ratings, with some suggesting improvements for enterprise-level scaling. Successful integration within larger infrastructures was noted by several developers and enterprises.

Stability

Checkmarx One is generally stable, yet memory and performance issues appear with large scans. Frequent updates improve functionality, though specific configurations can lead to crashing or freezing. Users mention stability rates between six to ten, indicating varying degrees of satisfaction. Suggestions include splitting large files and conducting regular full scans to enhance efficiency. Negative feedback is minimal, often due to user setup rather than Checkmarx One itself.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Checkmarx One Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business22
Midsize Enterprise9
Large Enterprise34
By reviewers
By visitors reading reviews
Company SizeCount
Small Business718
Midsize Enterprise462
Large Enterprise2513
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Insurance Company
5%
Healthcare Company
4%
Educational Organization
4%
Energy/Utilities Company
4%
Retailer
4%
Comms Service Provider
3%
University
3%
Media Company
3%
Non Profit
2%
Real Estate/Law Firm
2%
Outsourcing Company
2%
Legal Firm
2%
Performing Arts
2%
Construction Company
2%
Transportation Company
1%
Consumer Goods Company
1%
Hospitality Company
1%
Engineering Company
1%
Wholesaler/Distributor
1%
Recreational Facilities/Services Company
1%
Logistics Company
1%
Pharma/Biotech Company
1%
Aerospace/Defense Firm
1%

Compare Checkmarx One with alternative products

Go!

Learn more about Checkmarx One

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx One customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC

Related questions

  • 119
What is the biggest difference between Veracode and Checkmarx?
  • 42
Checkmarx or Veracode. Which should we choose?
  • 679
What is the Biggest Difference Between Checkmarx and Fortify?
  • 68
What is the biggest difference between Checkmarx and SonarQube?
  • 123
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 278
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 14
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 78
What are the Top 5 cybersecurity trends in 2022?
  • 110
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 29
We're evaluating Tripwire, what else should we consider?

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Vulnerability Management
Container Security
Static Code Analysis
API Security
Dynamic Application Security Testing (DAST)
DevSecOps
Risk-Based Vulnerability Management

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Wiz vs Checkmarx One Logo
Wiz vs Checkmarx One
SentinelOne Singularity Cloud Security vs Checkmarx One Logo
SentinelOne Singularity Cloud Security vs Checkmarx One
Microsoft Defender for Cloud vs Checkmarx One Logo
Microsoft Defender for Cloud vs Checkmarx One
Prisma Cloud by Palo Alto Networks vs Checkmarx One Logo
Prisma Cloud by Palo Alto Networks vs Checkmarx One
GitLab vs Checkmarx One Logo
GitLab vs Checkmarx One
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Mend.io vs Checkmarx One Logo
Mend.io vs Checkmarx One
CrowdStrike Falcon Cloud Security vs Checkmarx One Logo
CrowdStrike Falcon Cloud Security vs Checkmarx One
GitHub Advanced Security vs Checkmarx One Logo
GitHub Advanced Security vs Checkmarx One
OpenText Core Application Security vs Checkmarx One Logo
OpenText Core Application Security vs Checkmarx One
OWASP Zap vs Checkmarx One Logo
OWASP Zap vs Checkmarx One
Orca Security vs Checkmarx One Logo
Orca Security vs Checkmarx One
See all alternatives
 
Checkmarx One Reviews Summary
Author infoRatingReview Summary
Specialist Leader at Deloitte4.5I work as a partner with Checkmarx One and find its initial setup straightforward, although hybrid deployment is preferred. The tool shows clear ROI, but automated code fixing would enhance its capabilities. Enterprise clients benefit from its effective security scans.
Project Manager at Selfemployeed4.0We integrated Checkmarx One into our development pipelines, leveraging its strong SAST and SCA features for efficient code scanning. Improvements are needed in DAST and API security. Overall, it enhances our security practices and offers a good ROI.
Manager, Engineering at 7-Eleven4.5I use Checkmarx One for source code validation and security analysis, which helps identify vulnerabilities and offer improvement recommendations. Although its user interface is outdated, it was chosen over SonarQube due to better security analysis capabilities.
Security Consultant at IBM Thailand4.0Since switching to Checkmarx One, our static code analysis process has become significantly faster and more efficient, reducing time to production. The tool's cloud-based platform simplifies deployment, though managing multiple projects simultaneously requires improvement. It offers substantial time and workload savings.
Technical Lead at a computer software company with 10,001+ employees3.5We use Checkmarx One to check vulnerabilities in our banking products at the build level. The report function is the most valuable feature, though it occasionally identifies false positives. We didn’t use a different solution previously.
Software Engineer at a manufacturing company with 10,001+ employees3.5I use Checkmarx One for scanning code vulnerabilities, and it's developer-friendly, though non-developers might struggle. It could improve CI/CD pipeline integration and Codebashing features. I've tried Veracode and FOSSA but can't compare them extensively.
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees4.5I use Checkmarx One for identifying code vulnerabilities during development, appreciating its precise issue tracking. However, the software's memory requirements and unclear communication of internal issues need improvement. An easier false positive reporting system would be beneficial.
Senior Software Engineering Manager at a financial services firm with 10,001+ employees4.0We use Checkmarx One primarily for static comprehension testing and appreciate its effective administration features for team management. However, improvements are needed in benefits, dashboard capabilities, and secret scanning. It's comparable to Veracode, with no significant differences noted.