Checkmarx One Reviews

We are using Checkmarx for application code scanning, such as scanning for different leverages in the application code.

The solution has good performance, it is able to compute in 10 to 15 minutes. 

Checkmarx could improve the REST APIs by including automation.

I have been using Checkmarx for approximately one year.

Checkmarx is stable.

The scalability of Checkmarx is good, we can onboard easily.

We have approximately 200 people in my organization using this solution.

I have not contacted technical support. We have not required it.

I have used SonarQube previously.

The installation is straightforward and takes approximately 40 minutes.

I am able to do the implementation myself.

We have administrators and engineers that support and maintain the solution.

We have purchased an annual license to use this solution. The price is reasonable.

I rate Checkmarx a nine out of ten.

Checkmarx is used only for static application security testing (SAST), and it can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.

I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features. So most of my customers would love to have consolidated vendors who cover all application security to lower operational overhead.

I'm a solution architect, not an end-user. I'm selling Checkmarx. This is the first year I've done business with Checkmarx. In the past five years, I worked a lot with Fortify and Micro Focus. I currently have two customers running Checkmarx, and one more is evaluating the product.

Setting up Checkmarx should be relatively straightforward. It takes a little more time for the DevOps team to enable everything, but overall deployment should take less than a week, including preparation and implementation. 

Most of my customers opted for a perpetual license. They prefer to pay the highest amount upfront for the perpetual license and then pay for additional support annually.

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results.

Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.

I have been using this solution for a couple of years.

It is pretty stable.

It has the capability to scale very easily. It is not a problem.

Their support is good. It has a good webpage with a lot of details.

It is very easy to set up. It takes a couple of days. It is not an issue.

It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing. 

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

We use the solution for scanning the code for security.

One of the most valuable features is it is flexible. 

The integration could improve by including, for example, DevSecOps.

In an upcoming release, they could improve by adding support for more languages.

I have been using the solution for two years.

I have found the solution to be stable.

The scalability of the solution is good. We have approximately 4000 using the solution in my organization and they are mostly engineers.

The technical support we have experience was good but they could be faster.

I would recommend this solution to others.

I rate Checkmarx a six out of ten.

We're selling their licenses and their technologies. We have on-premises and cloud deployments. Its deployment depends on the customer requirements. 

It is used for a range of requirements for DevSecOps. It has been deployed to ensure that the development cycle delivers clean and secure code that is vulnerability-free. It is there as a part of the whole compliance and security process.

The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important. 

There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver.

I have been using this solution for two years.

Our customers are completely comfortable with the scalability of the technologies. They can deploy them initially in a relatively straightforward manner and then grow them into their organization quite successfully. We primarily have large customers.

Our team works with them. Their sales engineering team as well as their pre-sales capabilities are very good. They're clear. They work, and they're available, which is good. It is somewhat unusual in this business.

It depends on different technologies, but it is reasonably quite straightforward.

Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive.

They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them.

I would rate Checkmarx an eight out of ten.

We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.

The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.

They can support the remaining languages that are currently not supported. They can also
create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.

It is stable, and it works.

It is scalable. Our clients are small, medium, and big enterprises. It is for all the categories.

Their support is good. I had discussions with them multiple times. We are getting proper support.

It is straightforward. It is not a big challenge. It doesn't take long.

I would rate Checkmarx a seven out of ten.

We onboard clients with the solution. We install the product and do the first scan with them. We help developers with security and the best practices with their applications with this solution.

The most valued feature comes within the platform called Codebashing, it allows scanning code for security flaws. Our clients are able to learn from these scans and develop more secure code. The solution is easy to configure and user friendly as well. They also have support for a large variety of languages compared to other solutions and the product updates continuously.

I would like to see the DAST solution in the future. 

We have been using the solution for one year.

We had no issues and it has always worked at a top level of performance.

The solution is easy to intergate. It is plug and play and intergrates well with the pipeline and DevSecOps. Our main client is a big company and the solution works well.

The support is excellent.

The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.

The product saves you money by minimizing the time needed to figure out how to mitigate the problems by using such features such as The Best Fixed Location and the flow charts.

We evaluated Veracode before choosing Checkmarx.

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. 

I rate Checkmarx a ten out of ten.

We use Checkmarx for static analysis as part of our software development lifecycle. It is very important because it helps us identify the security flaws in the code at a very early stage. Ultimately, this helps in reducing costs.

The UI is very intuitive and simple to use. You don't need to know anything about the product before you being working with it.

The interface used to audit issues is also simple to use.

Compared to similar products, the code scanning time is fast.

Most the the static analysers come with pre-loaded rulesets. However, many times developers have to write their own custom rules. Writing custom rules in Checkmark is difficult because you need a different editor which is licensed separately. Besides not much training material is available on how to write the rules. 

We have been using Checkmarx for almost four years.

It is pretty stable and we have not had any issues. We have a monitoring team that monitors the health of our infrastructure and we are alerted to any problems.

We were able to scale easily and did not have any issues in doing so. At this team, we have between 70 and 80 applications that we are scanning with it.

We have contacted technical support a couple of times and the issues were addressed in a timely manner.

We have used other products and found that you have to spend considerable time fine-tuning the scanning engine. With Checkmarx, it is a lot less and I would say that this is one of the significant differences with this solution.

The maintenance in terms of running the scans and fine-tuning the scans is very low.

On the other hand, we have used other tools where writing custom rules is not so difficult to do.

Checkmarx is pretty straightforward and very easy to set up.

Our in-house team deployed and manages this product. I have one person who handles all of it, and the deployment can be completed within a day or two. As long as the infrastructure is ready, it can be done within a day.

Checkmarx helps us to find problems with source code at an early stage in the development, which saves us in terms of troubleshooting costs.

The interface used to create custom rules comes at an additional cost.

Checkmarx is probably one of the best static code analyzers available in the market at this point. It is very easy to deploy, use, and maintain. The amount of maintenance required is pretty low. It is absolutely a good tool that I can recommend.

Checkmarx has added a lot of functionality since we began using it. This includes OSA, the open-source scan, a training module, and run-time protection.

For static code analysis, we are only using Checkmarx and we plan to continue. 

I would rate this solution a nine out of ten.