No more typing reviews! Try our Samantha, our new voice AI agent.
Checkmarx One Logo

Checkmarx One pros and cons

Vendor: Checkmarx
3.9 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Checkmarx One enhances software security with pre-compile scanning and seamless integration with repositories like Git, enabling early vulnerability detection and faster market release. Offering SAST, Software Composition Analysis, and AI features, it increases accuracy and productivity while reducing false positives. Although improvements are needed in language support, scalability, and scanning speed, its ability to manage application security effectively makes it valuable for tech buyers. More comprehensive custom rule support and competitive pricing could further strengthen its appeal.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Checkmarx One allows for pre-compile scanning, providing seamless SAST scanning of uncompiled code, natively integrating with all key repo formats like Git and SVN.
The integration with multiple SCM solutions and CICD tools allows for quick scanning and scaling according to user licenses.
Checkmarx One offers valuable features including SAST, Software Composition Analysis, and AI integrations, boosting efficiency and accuracy in scanning.
By implementing Checkmarx One, organizations find vulnerabilities early in the development cycle, reducing the timeline for releases and increasing speed to market.
Checkmarx One reduces false positives effectively, enhancing developer productivity and allowing for better application security management.

CONS

Checkmarx One can improve by expanding coverage for more application languages and frameworks, including mobile applications and open-source development tools.
Licensing models and support for Swift language need improvement, as major customers require support for lower prices.
Checkmarx One reports many false positives, necessitating manual segregation as "Not exploitable."
A more comprehensive support for custom rule creation and improved accessibility for these rules in Checkmarx One is necessary.
Checkmarx One could benefit from better scaling for large enterprises and improved scanning speed to fit seamlessly into continuous delivery pipelines.
 

Checkmarx One Pros review quotes

Shahzad Shahzad - PeerSpot reviewer
Shahzad Shahzad
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Nov 25, 2025
Overall, I use Checkmarx One as a strategic control point to improve developer velocity while strengthening application security across the full software lifecycle.
Read full review
Rohit Kaushish - PeerSpot reviewer
Rohit Kaushish
Senior Software Engineer at a tech vendor with 10,001+ employees
Nov 19, 2025
By using the automated testing in Checkmarx One, we have saved around one or two days in a full week of our team because we have a lot of code to do with seven markets.
Read full review
Ricardo Sousa da Silva - PeerSpot reviewer
Ricardo Sousa da Silva
Cyber Security Expert at Nestle
Nov 21, 2025
Checkmarx One has positively impacted the organization, and since replacing the previous tool, SAST and SCA scans are conducted in a couple of minutes instead of hours or days, saving time and increasing speed to market by reducing the timeline from three or four days to one day only.
Read full review
Buyer's Guide
Checkmarx One
May 2026
Free Report: Checkmarx One Reviews and More
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
Swetha Dhanasekar - PeerSpot reviewer
Swetha Dhanasekar
Senior GenAI Engineer at a tech vendor with 10,001+ employees
Nov 26, 2025
Checkmarx One has definitely helped us to save time and reduce the need for additional security resources, meaning employees.
Read full review
RiteshWalia - PeerSpot reviewer
RiteshWalia
ML Engineer - Specialist at a tech vendor with 10,001+ employees
Nov 23, 2025
Checkmarx One has positively impacted my organization, especially in our CI/CD integration, where when we try to build any feature, they are always scanned by Checkmarx before they get released.
Read full review
Syed Hasan - PeerSpot reviewer
Syed Hasan
Specialist Leader at Deloitte
Jun 2, 2025
I have seen a return on investment from Checkmarx One.
Read full review
NS
Navdeep_Singh
Software Engineer at a manufacturing company with 10,001+ employees
Jan 24, 2026
The best features Checkmarx One offers, in my opinion, are that it is easy to use, and there is not much deep diving into this.
Read full review
reviewer2783283 - PeerSpot reviewer
reviewer2783283
Senior Software Engineer at a financial services firm with 10,001+ employees
Nov 29, 2025
Checkmarx One has positively impacted the organization by providing resolution strategies and indicating which vulnerabilities need to be fixed.
Read full review
AK
Adarkum Kumar
Product security engineer at a tech vendor with 10,001+ employees
Nov 29, 2025
Checkmarx One has positively impacted our organization as we tend to find vulnerabilities very early in the development cycle.
Read full review
FC
FernandoCarlos
Project Manager at Selfemployeed
Sep 13, 2024
The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process.
Read full review
Show 10 more reviews (out of 78)
 

Checkmarx One Cons review quotes

Shahzad Shahzad - PeerSpot reviewer
Shahzad Shahzad
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Nov 25, 2025
Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context.
Read full review
Rohit Kaushish - PeerSpot reviewer
Rohit Kaushish
Senior Software Engineer at a tech vendor with 10,001+ employees
Nov 19, 2025
It takes around 30 to 40 minutes for checking a build. If you can make it within five minutes or 10 minutes, that would be great.
Read full review
Ricardo Sousa da Silva - PeerSpot reviewer
Ricardo Sousa da Silva
Cyber Security Expert at Nestle
Nov 21, 2025
Checkmarx One is often down when the cloud provider experiences issues. A more fail-tolerant solution needs to be created.
Read full review
Buyer's Guide
Checkmarx One
May 2026
Free Report: Checkmarx One Reviews and More
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
Swetha Dhanasekar - PeerSpot reviewer
Swetha Dhanasekar
Senior GenAI Engineer at a tech vendor with 10,001+ employees
Nov 26, 2025
Scanning speed optimization is an area where improvements can be made, and we can reduce false positives.
Read full review
RiteshWalia - PeerSpot reviewer
RiteshWalia
ML Engineer - Specialist at a tech vendor with 10,001+ employees
Nov 23, 2025
Checkmarx One can be improved on the side of faster scans, especially when our CI pipelines are scanning for vulnerabilities.
Read full review
Syed Hasan - PeerSpot reviewer
Syed Hasan
Specialist Leader at Deloitte
Jun 2, 2025
Some were valid and some were not applicable for us based on the scenario.
Read full review
NS
Navdeep_Singh
Software Engineer at a manufacturing company with 10,001+ employees
Jan 24, 2026
There are some downtimes when Checkmarx One is being upgraded to the latest version or some improvement is there.
Read full review
reviewer2783283 - PeerSpot reviewer
reviewer2783283
Senior Software Engineer at a financial services firm with 10,001+ employees
Nov 29, 2025
Checkmarx One can be improved by reducing noise and improving false positive filtering.
Read full review
AK
Adarkum Kumar
Product security engineer at a tech vendor with 10,001+ employees
Nov 29, 2025
For Checkmarx One, I think that adding repositories and scanning impromptu code could improve it.
Read full review
FC
FernandoCarlos
Project Manager at Selfemployeed
Sep 13, 2024
Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features.
Read full review
Show 10 more reviews (out of 78)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Vulnerability Management
Container Security
Static Code Analysis
API Security
Dynamic Application Security Testing (DAST)
DevSecOps
Risk-Based Vulnerability Management
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
SentinelOne Singularity Cloud Security vs Checkmarx One Logo
SentinelOne Singularity Cloud Security vs Checkmarx One
Wiz vs Checkmarx One Logo
Wiz vs Checkmarx One
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Microsoft Defender for Cloud vs Checkmarx One Logo
Microsoft Defender for Cloud vs Checkmarx One
Prisma Cloud by Palo Alto Networks vs Checkmarx One Logo
Prisma Cloud by Palo Alto Networks vs Checkmarx One
GitLab vs Checkmarx One Logo
GitLab vs Checkmarx One
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Qualys VMDR vs Checkmarx One Logo
Qualys VMDR vs Checkmarx One
Tanium vs Checkmarx One Logo
Tanium vs Checkmarx One
Imperva Application Security Platform vs Checkmarx One Logo
Imperva Application Security Platform vs Checkmarx One
Tenable Nessus vs Checkmarx One Logo
Tenable Nessus vs Checkmarx One
CrowdStrike Falcon Cloud Security vs Checkmarx One Logo
CrowdStrike Falcon Cloud Security vs Checkmarx One
Orca Security vs Checkmarx One Logo
Orca Security vs Checkmarx One
JFrog Xray vs Checkmarx One Logo
JFrog Xray vs Checkmarx One
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Vulnerability Management
Container Security
Static Code Analysis
API Security
Dynamic Application Security Testing (DAST)
DevSecOps
Risk-Based Vulnerability Management
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
SentinelOne Singularity Cloud Security vs Checkmarx One Logo
SentinelOne Singularity Cloud Security vs Checkmarx One
Wiz vs Checkmarx One Logo
Wiz vs Checkmarx One
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Microsoft Defender for Cloud vs Checkmarx One Logo
Microsoft Defender for Cloud vs Checkmarx One
Prisma Cloud by Palo Alto Networks vs Checkmarx One Logo
Prisma Cloud by Palo Alto Networks vs Checkmarx One
GitLab vs Checkmarx One Logo
GitLab vs Checkmarx One
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Qualys VMDR vs Checkmarx One Logo
Qualys VMDR vs Checkmarx One
Tanium vs Checkmarx One Logo
Tanium vs Checkmarx One
Imperva Application Security Platform vs Checkmarx One Logo
Imperva Application Security Platform vs Checkmarx One
Tenable Nessus vs Checkmarx One Logo
Tenable Nessus vs Checkmarx One
CrowdStrike Falcon Cloud Security vs Checkmarx One Logo
CrowdStrike Falcon Cloud Security vs Checkmarx One
Orca Security vs Checkmarx One Logo
Orca Security vs Checkmarx One
JFrog Xray vs Checkmarx One Logo
JFrog Xray vs Checkmarx One
See all alternatives
Related questions
  • 52
What is the biggest difference between Veracode and Checkmarx?
  • 92
Checkmarx or Veracode. Which should we choose?
  • 211
What is the Biggest Difference Between Checkmarx and Fortify?
  • 67
What is the biggest difference between Checkmarx and SonarQube?
  • 108
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 228
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 154
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 276
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 243
What are the Top 5 cybersecurity trends in 2022?
  • 142
Which application security solutions include both vulnerability scans and quality checks?