Checkmarx One Reviews

Checkmarx saves us a lot of time. We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code.

The most valuable feature is that Checkmarx scans code for security vulnerabilities without needing to compile first.

Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”.

We encountered stability issues when scanning large code blocks. It consumes a lot of memory, and at times, Checkmarx services freeze and don’t work properly.

I don’t know of any scalability issues.

Just four words for the technical support team: “Checkmarx team is awesome”.

Before Checkmarx, we used HPE Security Fortify and IBM AppScan. We also tried several open-source scanning tools.

Overall, the initial setup is easy. Checkmarx provides an installer binary and we just need go through the wizard for an express installation. If we need an advanced configuration, we contact the Checkmarx support team.

I believe pricing is better compared to other commercial tools.

Yes, we compared Checkmarx features and benefits with IBM AppScan and HPE Security Fortify.

Personally, I recommend Checkmarx for static analysis.

As an InfoSec consulting company, we come across major challenging projects. Checkmarx has made life easy and my team is best at using it. It reduces manual efforts in using test cases against any vulnerability found during source code reviews. Apart from OWASP Top Ten, Checkmarx is quite intelligent to find the latest vulnerability and report it.

Some valuable features of this product are:

• Very comprehensive scanning
• Less false positive errors as compared to any other solution
• Incremental scanning
• Supports all major languages

Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.

I have not encountered any stability issues.

I have not encountered any scalability issues.

I have never used technical support, so can't comment. We ourselves are expert at it.

We have used no other product.

The setup process was simple.

It is the right price for quality delivery.

We did not evaluate other options, before choosing this product.

Go for it.

Cx gives you the ability to push SAST down much lower in the SDLC process. With the use of multiple IDE plugins and the ability to do "incremental" scanning, a scan of your latest code does not bog down your machine as it is offloaded.

It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).

Meta data is always needed. More tutorials/videos for developers to fix their vulnerabilities is nice. Although the API is useful, I would like to see more functionality added.

I've had to restart services/bounce the VM on two rare occasions.

It scales very easy.

Customer Service:

Customer service is good. Engineers have been quick to get back to me regarding issues and custom work that I have performed.

Technical Support:

Technical support is very knowledgeable.

Initial setup couldn't be any easier. Cx has good documentation on environment requirements. As long as you meet those, the installation process takes maybe 30 minutes for an initial setup; perhaps a bit longer if you're adding multiple engines.

An in-house team implemented it.

Everything is negotiable. Checkmarx approached our dealings in good faith and clearly wanted to be around for awhile. It is much more inexpensive than some alternatives.

Before choosing, we also evaluated Fortify, IBM Appscan, Veracode, etc.

It provides us with code analysis.

It helps with vulnerability scanning of codes to prevent vulnerability of our applications.

I've used it for one year.

No issues encountered.

Straight forward. Easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises

It was straightforward, as it has easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises.

The license is fairly costly but worth the investment.

They're all as valuable as each other.

We have used this product to verify the dev department's code in order to minimize security holes.

It needs better role management.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

It's very good.

It's very good.

This is the only solution I have used.

Very straightforward.

I implemented it myself.

Licensing is expensive per X amount of lines in the code.

No other options were evaluated.

It provides a graphical view of any vulnerabilities.

I have used it as a consultant.

It could be improved with more reporting of false positives and the understanding of file references.

I've used it for one year.

No issues encountered.

No issues encountered.

One needs to be sure on the number of LOC that will be run and also the size of the code.

8/10.

8/10.

I have used Armorize codesecure.

It's a straightforward deployment, and it learns with time.

I implement it.

I use the tool for testing purposes. 

The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code.

I can't create a business case with multiple-factor authentication.

I have been working with the product for two years. 

While support handles tickets and resolves specific issues, such as business cases, it can be frustrating waiting for responses. They often take a lot of time to address cases or provide resolutions.

Neutral

Checkmarx One's deployment is easy. When we deployed it for a new client, it took around a month to complete. This involved setting up all parameters and sub-administrators. Additionally, finalizing the project involved several tasks, such as scanning with all security gates.

We can get a return in six months. 

The tool's pricing is fine. 

I rate the overall product an eight out of ten. 

We use the solution for dynamic application testing. 

I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side. 

I have been working with the product for seven months. 

I would rate the product's stability a ten out of ten.

I would rate the product's scalability a ten out of ten. My company has 15 users for the produc. 

The solution's technical support is good. 

Positive

The tool's setup is very straightforward and I would rate it a ten out of ten. The product's deployment took one to two months to complete. We required the technical and development team which consisted of four to five people to handle the deployment. 

The solution's price is high and you pay based on the number of users. 

I would rate the product a ten out of ten. The solution is the best tool for developers and organizations.