Checkmarx One Reviews

We are using Checkmarx for analyzing threats.

We are not using the latest version of Checkmarx because we faced some issues.

Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities.

SonarCube functions better in these areas.

I have used Checkmarx within the last 24 months.

The stability of Checkmarx could improve.

I would rate the stability of Checkmarx a six out of ten.

The solution is scalable, but other solutions are better.

We have 20 developers using this solution. We have a few projects left to use this solution and then we will move to something else next year.

The support could improve, it takes a long time for a response. The service we received was poor.

I am using Checkmarx in parallel with SonarQube.

We didn't like how long they took to implement the product. The installation was not intuitive. We were constantly having meetings and installation additional things.

The implementation process should improve.

We were helped by both the local partner and the vendor for the implementation.

We have two developers for the maintenance and support of Checkmarx.

We're using a commercial version of Checkmarx, and we paid for the solution for two years. The price is high and could be reduced.

The local distributor charges two times higher than in other countries.

The purchase of this solution was a mistake.

I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx.

I rate Checkmarx a four out of ten.

We use the product for static code analysis, supply chain, and container security.

The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.

The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform.

We have been using Checkmarx's on-premise version for four years. We switched to the cloud version recently.

I rate the product's stability a nine or ten out of ten.

We have 40 Checkmarx users in our organization. I rate its scalability a nine out of ten.

The technical support team promptly addresses the issues.

The initial setup process is easy.

I rate Checkmarx an eight out of ten.

We use the solution for our international customers.

The UI is user-friendly.

The Fast feature for static application security testing is the most valuable.

The plugins for the development environment have room for improvements such as for Android Studio and X code.

I have been using the solution for two months.

I give the stability a seven out of ten.

I give the scalability a nine out of ten.

The scalability is based on the number of licenses. We currently have five licenses.

The technical support is quick to respond.

Positive

I give the initial setup an eight out of ten. The deployment takes about ten minutes.

The implementation was completed by a consultant.

The solution is costly. I give the solution a six out of ten for price.

I give the solution a nine out of ten.

Checkmarx is used for application security, we can detect the stability and other details on how to fix issues.

The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results.

Checkmarx could improve the speed of the scans.

I have been using Checkmarx for approximately half a year.

We have five people in our company that uses Checkmarx, we do not plan to increase usage.

I have used the support from Checkmarx.

I have not used another before Checkmarx.

The initial setup of Checkmarx was very easy. The process took approximately one hour. We only need to provide information.

We have five people that are supporting Checkmarx in our company.

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us.

I rate Checkmarx an eight out of ten.

We are using Checkmarx for application code scanning, such as scanning for different leverages in the application code.

The solution has good performance, it is able to compute in 10 to 15 minutes. 

Checkmarx could improve the REST APIs by including automation.

I have been using Checkmarx for approximately one year.

Checkmarx is stable.

The scalability of Checkmarx is good, we can onboard easily.

We have approximately 200 people in my organization using this solution.

I have not contacted technical support. We have not required it.

I have used SonarQube previously.

The installation is straightforward and takes approximately 40 minutes.

I am able to do the implementation myself.

We have administrators and engineers that support and maintain the solution.

We have purchased an annual license to use this solution. The price is reasonable.

I rate Checkmarx a nine out of ten.

Checkmarx is used only for static application security testing (SAST), and it can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.

I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features. So most of my customers would love to have consolidated vendors who cover all application security to lower operational overhead.

I'm a solution architect, not an end-user. I'm selling Checkmarx. This is the first year I've done business with Checkmarx. In the past five years, I worked a lot with Fortify and Micro Focus. I currently have two customers running Checkmarx, and one more is evaluating the product.

Setting up Checkmarx should be relatively straightforward. It takes a little more time for the DevOps team to enable everything, but overall deployment should take less than a week, including preparation and implementation. 

Most of my customers opted for a perpetual license. They prefer to pay the highest amount upfront for the perpetual license and then pay for additional support annually.

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results.

Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.

I have been using this solution for a couple of years.

It is pretty stable.

It has the capability to scale very easily. It is not a problem.

Their support is good. It has a good webpage with a lot of details.

It is very easy to set up. It takes a couple of days. It is not an issue.

It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing. 

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

We use the solution for scanning the code for security.

One of the most valuable features is it is flexible. 

The integration could improve by including, for example, DevSecOps.

In an upcoming release, they could improve by adding support for more languages.

I have been using the solution for two years.

I have found the solution to be stable.

The scalability of the solution is good. We have approximately 4000 using the solution in my organization and they are mostly engineers.

The technical support we have experience was good but they could be faster.

I would recommend this solution to others.

I rate Checkmarx a six out of ten.