Checkmarx One Reviews

Our main uses of this solution are to ensure our required compliance policies are met, and that we are applying best practice.

This solution helps to remediate the compliance requirements we have. 

The product also increases the quality of the code the developers are able to implement. 

The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.

We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.

We have been using this solution for two years.

The stability of this solution depends on the size of application to be scanned, as larger files result in lower performance levels.

This solution is not very easily scalable, and seems to lack the capability to manage a high volume of applications.

The technical support team for this solution are very supportive and skilled. They also define SLA's for their customers.

We found the initial setup of this solution to be okay, but it is very reliant on server capacity.

We would recommend that organizations considering this solution think about the size of the project involved, as this product works best with very small-scale applications.

I would rate this solution a seven out of ten.

I am using it for software assurance focused on security. I am using its latest version.

I use both the static code analysis and the open-source analysis engine. It gives visibility into weaknesses and the software that may be there in the source code and static analysis. It also gives some insights into the open source vulnerabilities that may be there in the codebase.

I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy. Typically when using SCA tools on C/C++ and C# you must compile the software for SCA to work. CX doesn’t require any compilation due to the way the tool does synthetic compilation to help find errors in code. Many times 3rd party assurance providers don’t have all the files to compile so CX comes in handy. 

They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server.

I had several issues with the installation. It should just work out of the box.

I have been using it off and on for about a year.

I've run into a few bugs here and there but i would recommend installing on virtual machine and snapshoting a working install. 

My setup is standalone. They do have a scalable version, but it's not something I need.

We're not using it a lot. Its usage is once a month. The way our organization works is that we don't do static code analysis every day. It's more on an as-needed basis. So, it's no fault of the Checkmarx tool. It's just not something that we've been working on.

They were pretty good. I would rate them a four out of five, but I was using their salespeople. It wasn't their traditional tech support, so I can't really evaluate their traditional tech support. When they're selling something, they give you a lot more service instead of having to go through the support system.

I still use other tools, so I just added it to the tool chest. I have Fortify, CodeSonar, etc  and I added Checkmarx as a different tool.

I installed it. It's straightforward to install, but I had several issues with the installation. I don't know if it was with my environment or not. If it works properly, it's a simple install, but in my example, it did not work right off the bat. There was some troubleshooting that had to go on, which was a little frustrating.

It took weeks. It required back and forth communication with support for a couple of days, but I wasn't actively working on it for days. I would run into a bug, send the log file, and go back and forth. It wasn't anything crazy, but it was a little frustrating. It should just work out of the box. It should be pretty straightforward where you just click the installer and go, but it wasn't.

It was implemented in-house, and then I had to call support when needed.

In terms of maintenance, it is pretty self-sustaining. You update it whenever it needs to be updated.

There hasn't been much return yet because we haven't used it much, but I have enough faith in it that I committed to it for multiple years. We are starting to use it more but not enough to state ROI yet

I would rate it a seven out of ten. It's not the best tool on the market, but it provides some good capability for what it is.

I am representing Checkmarx as a reseller. I work with both the cloud and on-premises versions. I have been working with Checkmarx for more than twelve years.

Checkmarx is a must-use product due to the increasing number of cyber-attacks nowadays. The product's quality and performance justify its pricing, making it a worthwhile investment.

Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security.

The Dynamic Application Security Testing (DAST) feature should be better. The technical support service could also improve in terms of their response time.

I have been working with Checkmarx since the early days of Checkmarx, which is more than 12 years.

I would rate the stability of Checkmarx at nine out of ten.

Checkmarx is scalable, and I would rate its scalability at nine out of ten.

The customer service and support should be quicker from my point of view. I would rate them eight out of ten.

Positive

I have been working with Checkmarx for over 12 years without switching to a competitor due to Checkmarx being the best product in the market.

The initial setup is straightforward, especially with the cloud version where no deployment is needed. The on-premises version requires some time and depends on the customer's environment.

In typical circumstances, one senior engineer is enough for implementation, but in special cases, maybe two engineers are needed.

Checkmarx is cost-effective. It is a must-use product in today's cyber security environment.

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

I chose Checkmarx over competitors due to ethical considerations and its superior functionality.

Checkmarx is plug-and-play and the best product in the market at the moment, as evidenced by reports such as Gartner's.

I'd rate the solution nine out of ten.

We use the solution on a developing project. Before we bring the code to production, we have to ensure its quality, and we use this solution. 

It's easy to use. The configuration is easy. 

It has all the features we need. 

We haven't had any issues with the solution so far. It is not missing any features. 

It takes too much time to check the code. The validation process needs to be sped up. 

There have been some configuration issues. We sometimes have failures. 

I've been using the solution for two and a half years at this point. 

We've had to deal with errors. When we blacklist or whitelist, we do have some issues. There are a few configuration issues. I'd rate the stability seven out of ten. It could be improved. 

I can't speak to the scalability. I don't deal with scaling. The usage is limited. We aren't attempting to expand it. We only do two to three processes at the same time. 

Technical support is okay. We are mostly happy with the help we get. We can directly connect with them.

Neutral

I'm also using SonarQube.

I did not handle the deployment directly. We have a team that manages the tool. I'm not aware of how many people are needed to maintain and deploy the solution. 

I don't deal with the pricing directly. I don't know the exact cost. 

I'm a customer and end-user.

I would recommend the solution to other users. I'd rate the solution eight out of ten. 

We primarily use Checkmarx for assessing vulnerabilities in applications.

What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results.

One area for improvement in Checkmarx is pricing, as it's more expensive than other products.

I've used Checkmarx for four to five years.

Regarding Checkmarx stability, it's an eight out of ten.

Checkmarx is a scalable tool and much better scalability-wise than other products I used. I'm rating its scalability as eight out of ten.

We never had to contact the Checkmarx technical support team.

I was not involved in the initial setup for Checkmarx.

Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products.

My company is in the service business, so it provides services to customers. For example, the customer uses SonarQube, so my company uses the same tool to execute vulnerability assessments.

I've worked on Checkmarx, NetSuite, Acunetix, and other application security tools used by customers.

My rating for Checkmarx is eight out of ten because it's a good product, and its only con is the cost, which is high for some customers.

I recommend Checkmarx to others because of its performance. The tool has better intelligent outcomes, and Checkmarx has better automation internally.

My company is a Checkmarx customer.

We use Checkmarx as a code analysis tool.

We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool.

The most valuable feature of Checkmarx are the automation and information that it provides in the reports.

I am using Checkmarx for approximately two years.

The stability of Checkmarx could improve. We're having issues with it, but we don't want to upgrade to the newest version until we make sure that the issues we're having now aren't present in the newer version.

The scan reliability sometimes is impacted and we sometimes have to restart the services to allow scans out of the queue.

Checkmarx needs to be more scalable for large enterprise companies.

I have used the support from Checkmarx.

I rate the support from Checkmarx a seven out of ten.

Neutral

I was previously using Fortify but they were antiquated. They were not updating the solution on a regular basis.

The initial setup of Checkmarx is straightforward. The implementation of Checkmarx does not take long because we have a process for it.

We have four people that maintain Checkmarx in our company. We have professional services but I did most of the deployment myself.

My advice to others is that Checkmarx is good compared to the other tools. However, they are all comparable, it depends on what languages they want to scan. Overall, Checkmarx is a decent solution. It would be a good idea to test other solutions.

I rate Checkmarx

Checkmarx is a source code application for development, which means from the source code level, you can use Checkmarx to detect your coding errors, and to detect vulnerabilities that could have come from the different tools that you were using to develop your application. At the source code level, you can prevent the weaknesses that the application can carry on the journey of its development and use.  

Checkmarx helps the users to have a secure coding environment and experience, and a secure source code level of application. That main application can leverage or improve the service delivery to customers.

The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera. 

The software languages that they support are one of the largest in the market.

Checkmarx could improve by reducing the price.

I have been using Checkmarx within the past 12 months.

Checkmarx has been stable in my usage and I'm confident to recommend it to anybody.

Checkmarx is very scalable. It can run for a small and large organizations.

The technical support is good.

I rate the support from Checkmarx a four out of five.

Positive

The initial setup of Checkmarx is easy.

I rate the initial setup of Checkmarx a four out of five.

We use one engineer with the help of Checkmarx for support and deployment.

The price of Checkmarx could be reduced to match their competitors, it is expensive.

I strongly recommend Checkmarx to others. I have sold the solution for nearly eight years, and I'm not aware of any major complaints that the users have that could not be resolved.

I rate Checkmarx an eight out of ten.

The Checkmarx application is a live wire of technology delivery, and if your application is vulnerable, then the asset that your acquisition will run will also suffer vulnerability. Providing the scanning ability that shows the errors at the source code level is critical to have effective development of any critical application.

I would recommend Checkmarx eight because it's very critical and integral to the improvement of technology and cyber security today. It's a critical tool in protecting cyberspace, your asset in cyberspace, and an application that runs nearly all human life today. Everything is driven by technology and application.

We mainly use Checkmarx for accreditation, checking for vulnerabilities, and identifying areas in the code to fix some of the NIST 800 security controls.

The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for. It's also pretty intuitive and has a lot of good dashboards and metrics.

Checkmarx could be improved with more integration with third-party software.

I've been using Checkmarx for about six months.

We've had no issues with Checkmarx's stability.

I thought Checkmarx was pretty scalable.

My experience with Checkmarx's technical support has been very positive.

Positive

I found the setup pretty straightforward, though it took several days because the system engineers had to go through some different configuration settings to get it done.

We worked with Checkmarx when we ran into issues, and they were pretty responsive.

Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network. I'd rate Checkmarx as seven out of ten.