Try our new research platform with insights from 80,000+ expert users
Checkmarx One Logo

Checkmarx One pros and cons

Vendor: Checkmarx
3.9 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Checkmarx One enhances software security with pre-compile scanning and seamless integration with repositories like Git, enabling early vulnerability detection and faster market release. Offering SAST, Software Composition Analysis, and AI features, it increases accuracy and productivity while reducing false positives. Although improvements are needed in language support, scalability, and scanning speed, its ability to manage application security effectively makes it valuable for tech buyers. More comprehensive custom rule support and competitive pricing could further strengthen its appeal.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Checkmarx One allows for pre-compile scanning, providing seamless SAST scanning of uncompiled code, natively integrating with all key repo formats like Git and SVN.
The integration with multiple SCM solutions and CICD tools allows for quick scanning and scaling according to user licenses.
Checkmarx One offers valuable features including SAST, Software Composition Analysis, and AI integrations, boosting efficiency and accuracy in scanning.
By implementing Checkmarx One, organizations find vulnerabilities early in the development cycle, reducing the timeline for releases and increasing speed to market.
Checkmarx One reduces false positives effectively, enhancing developer productivity and allowing for better application security management.

CONS

Checkmarx One can improve by expanding coverage for more application languages and frameworks, including mobile applications and open-source development tools.
Licensing models and support for Swift language need improvement, as major customers require support for lower prices.
Checkmarx One reports many false positives, necessitating manual segregation as "Not exploitable."
A more comprehensive support for custom rule creation and improved accessibility for these rules in Checkmarx One is necessary.
Checkmarx One could benefit from better scaling for large enterprises and improved scanning speed to fit seamlessly into continuous delivery pipelines.
 

Checkmarx One Pros review quotes

RJ
Robert V. Jones
Founder at a tech company with 51-200 employees
Feb 2, 2017
The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled.
Read full review
it_user318207 - PeerSpot reviewer
it_user318207
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees
Sep 26, 2016
It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).
Read full review
it_user531780 - PeerSpot reviewer
it_user531780
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees
Oct 13, 2016
We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code.
Read full review
Buyer's Guide
Checkmarx One
January 2026
Free Report: Checkmarx One Reviews and More
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
it_user538254 - PeerSpot reviewer
it_user538254
Assistant Manager Business Development at a tech services company with 501-1,000 employees
Oct 23, 2016
Less false positive errors as compared to any other solution.
Read full review
it_user547335 - PeerSpot reviewer
it_user547335
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees
Nov 6, 2016
Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application.
Read full review
GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 16, 2017
The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
Read full review
it_user592359 - PeerSpot reviewer
it_user592359
SRE Vice Group Manager at a tech services company with 10,001+ employees
Jan 23, 2017
The solution allows us to create custom rules for code checks.
Read full review
it_user598917 - PeerSpot reviewer
it_user598917
Senior Manager at a financial services firm
Jan 31, 2017
Scan reviews can occur during the development lifecycle.
Read full review
YD
Yafes Duygulutuna
Sr. Security Engineer at SugarCRM
Jul 4, 2017
Vulnerability details is valuable.
Read full review
it_user607392 - PeerSpot reviewer
it_user607392
Security test engineer at a tech vendor with 10,001+ employees
Feb 12, 2017
The solution communicates where to fix the issue for the purpose of less iterations.
Read full review
Show 10 more reviews (out of 75)
 

Checkmarx One Cons review quotes

RJ
Robert V. Jones
Founder at a tech company with 51-200 employees
Feb 2, 2017
The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.
Read full review
it_user318207 - PeerSpot reviewer
it_user318207
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees
Sep 26, 2016
Meta data is always needed.
Read full review
it_user531780 - PeerSpot reviewer
it_user531780
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees
Oct 13, 2016
Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”.
Read full review
Buyer's Guide
Checkmarx One
January 2026
Free Report: Checkmarx One Reviews and More
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
it_user538254 - PeerSpot reviewer
it_user538254
Assistant Manager Business Development at a tech services company with 501-1,000 employees
Oct 23, 2016
Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.
Read full review
it_user547335 - PeerSpot reviewer
it_user547335
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees
Nov 6, 2016
Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.
Read full review
GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Jan 16, 2017
The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode.
Read full review
it_user592359 - PeerSpot reviewer
it_user592359
SRE Vice Group Manager at a tech services company with 10,001+ employees
Jan 23, 2017
This product requires you to create your own rulesets. You have to do a lot of customization.
Read full review
it_user598917 - PeerSpot reviewer
it_user598917
Senior Manager at a financial services firm
Jan 31, 2017
C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported.
Read full review
YD
Yafes Duygulutuna
Sr. Security Engineer at SugarCRM
Jul 4, 2017
Implementing a blackout time for any user or teams: Needs improvement.
Read full review
it_user607392 - PeerSpot reviewer
it_user607392
Security test engineer at a tech vendor with 10,001+ employees
Feb 12, 2017
The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.
Read full review
Show 10 more reviews (out of 75)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Vulnerability Management
Container Security
Static Code Analysis
API Security
Dynamic Application Security Testing (DAST)
DevSecOps
Risk-Based Vulnerability Management
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Wiz vs Checkmarx One Logo
Wiz vs Checkmarx One
SentinelOne Singularity Cloud Security vs Checkmarx One Logo
SentinelOne Singularity Cloud Security vs Checkmarx One
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Microsoft Defender for Cloud vs Checkmarx One Logo
Microsoft Defender for Cloud vs Checkmarx One
Prisma Cloud by Palo Alto Networks vs Checkmarx One Logo
Prisma Cloud by Palo Alto Networks vs Checkmarx One
GitLab vs Checkmarx One Logo
GitLab vs Checkmarx One
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Imperva Application Security Platform vs Checkmarx One Logo
Imperva Application Security Platform vs Checkmarx One
Coverity Static vs Checkmarx One Logo
Coverity Static vs Checkmarx One
CrowdStrike Falcon Cloud Security vs Checkmarx One Logo
CrowdStrike Falcon Cloud Security vs Checkmarx One
JFrog Xray vs Checkmarx One Logo
JFrog Xray vs Checkmarx One
GitHub Advanced Security vs Checkmarx One Logo
GitHub Advanced Security vs Checkmarx One
Tenable Security Center vs Checkmarx One Logo
Tenable Security Center vs Checkmarx One
Orca Security vs Checkmarx One Logo
Orca Security vs Checkmarx One
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Vulnerability Management
Container Security
Static Code Analysis
API Security
Dynamic Application Security Testing (DAST)
DevSecOps
Risk-Based Vulnerability Management
Application Security Posture Management (ASPM)
AI Security

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Wiz vs Checkmarx One Logo
Wiz vs Checkmarx One
SentinelOne Singularity Cloud Security vs Checkmarx One Logo
SentinelOne Singularity Cloud Security vs Checkmarx One
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Microsoft Defender for Cloud vs Checkmarx One Logo
Microsoft Defender for Cloud vs Checkmarx One
Prisma Cloud by Palo Alto Networks vs Checkmarx One Logo
Prisma Cloud by Palo Alto Networks vs Checkmarx One
GitLab vs Checkmarx One Logo
GitLab vs Checkmarx One
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Imperva Application Security Platform vs Checkmarx One Logo
Imperva Application Security Platform vs Checkmarx One
Coverity Static vs Checkmarx One Logo
Coverity Static vs Checkmarx One
CrowdStrike Falcon Cloud Security vs Checkmarx One Logo
CrowdStrike Falcon Cloud Security vs Checkmarx One
JFrog Xray vs Checkmarx One Logo
JFrog Xray vs Checkmarx One
GitHub Advanced Security vs Checkmarx One Logo
GitHub Advanced Security vs Checkmarx One
Tenable Security Center vs Checkmarx One Logo
Tenable Security Center vs Checkmarx One
Orca Security vs Checkmarx One Logo
Orca Security vs Checkmarx One
See all alternatives
Related questions
  • 57
What is the biggest difference between Veracode and Checkmarx?
  • 36
Checkmarx or Veracode. Which should we choose?
  • 318
What is the Biggest Difference Between Checkmarx and Fortify?
  • 36
What is the biggest difference between Checkmarx and SonarQube?
  • 91
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 137
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 44
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 101
What are the Top 5 cybersecurity trends in 2022?
  • 128
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 54
We're evaluating Tripwire, what else should we consider?