Checkmarx One Reviews

Our primary use case for this solution is SAST, Static Application Security Testing.

Our static operation security has been able to identify more security issues since implementing this solution.

There are many good features like site integration, but the most valuable feature for us is the XL scan of source code. 

It would be really helpful if the level of confidence was included, with respect to identified issues. Some competitors have this feature, and it helps a lot to concentrate on the real findings.

In general, stability is good, although sometimes it crashes. We use this product daily, and I would rate the stability a four out of five.

The scalability is very good.

Technical support for this solution is very effective. Each time we have had questions, the answers they provided have been very clear and comprehensive.

Prior to this solution, we were using IBM Security AppScan. We had many, many issues with the application, along with complaints about the deployment time. The main reason we switched is that it was not updated, and it did not support certain technologies. For example, it did not support Visual Studio 2017, so we had to switch to a new solution.

The initial setup for this solution is straightforward.

It took less that one day to deploy.

We handled the implementation in-house.

We have not yet seen ROI.

We did evaluate other options.

If people are in need of static application security, then I would recommend this product.

I would rate this solution an eight out of ten.

Now we have information about which specific sections have to be fixed. We can now remove the issue from most of the sections.

The solution communicates where to fix the issue for the purpose of less iterations.

The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of 8/10.

We switched solutions due to the client's requirements.

I faced a few issues in the installation due to my local policies. The customer support was very helpful.

We looked at other tools, such as HPE Security and ZAP solutions.

Go for it, if you want testing on the code level.

We use the solution for our international customers.

The UI is user-friendly.

The Fast feature for static application security testing is the most valuable.

The plugins for the development environment have room for improvements such as for Android Studio and X code.

I have been using the solution for two months.

I give the stability a seven out of ten.

I give the scalability a nine out of ten.

The scalability is based on the number of licenses. We currently have five licenses.

The technical support is quick to respond.

Positive

I give the initial setup an eight out of ten. The deployment takes about ten minutes.

The implementation was completed by a consultant.

The solution is costly. I give the solution a six out of ten for price.

I give the solution a nine out of ten.

Our primary use case solution is for code scanning.

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

The most valuable features are:

• Ease of use
• Dashboard
• Interface
• Report

I have not had an issue with stability of the product.

There have been no issues with scalability that I am aware of.

I have not needed the use of technical support.

Previously, we considered: Veracode, SonarQube, Fortify and IBM Security AppScan.

I was not involved in the initial setup of the solution.

One should consider:

• Visual studio
• Report generation
• If the solution can be on-prem
• Pricing

It is an expensive solution.

Be cautious of the one-year subscription date. Once it expires, your price will go up.

I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences.

We have scanned various applications with it. It works fine, although we need to check manually for false positive issues. 

After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them.

It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.

We use Checkmarx to review the source code for the external applications that we expose to the cloud or other servers on the internet.

We received two main benefits from Checkmarx:

1. Better Security
2. Saving Time

I recommend Checkmarx to be sure that your development has robust security. For your team management, Checkmarx has a very nice feature to check out manual staff in the process.

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time.

Checkmarx could probably do something to improve their license model. If you have a small company, or if you have a small team with just one or two applications, the entry-level price is too high for such a company. 

You can find all the solutions offered by Checkmarx through other solutions providers. That is why this type of company needs to be more flexible. 

In this space, you have a security code and also you have a quality code. It is totally different in terms of investment. In terms of functionality, there are a lot of differences between the various competing products. 

With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.

The problem with Checkmarx lies with the pricing and licensing, not the product itself. The product is very good.

Checkmarx is a good product, certainly stable.

The scalability is good. We haven't had any problems with it.

Our experience with technical support is good. They have a lot of expert staff on their customer service lines. We have had no problems with their technical support services.

We used Veracode for some time and it's also a good solution. Veracode fits better for small companies. It's more automatic.

Checkmarx is more complete and they have more features to support our development team and security team requirements.

In general, Checkmarx is a better solution, but it's more complicated, especially in terms of the price for a small company.

Our deployment of Checkmarx took a couple of days, at max, a week. 

The setup was a long time back, but I know that we did not use a reseller or consultant for the deployment.

We evaluated some products from a company in Spain. Checkmarx provided better functionality and options for us.

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx.

We are testing the solution in a small local company. Our idea is to expand the use of it to our clients in the West.

In this space, you can have different points of view and if only you are looking for a solution to do a check in your auditory report, then you can choose anyone. 

If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution.

I would rate Checkmarx a nine out of ten because of the price, but technically for me, it is a 10. 

I would rate Checkmarx with a nine because it would be perfect at a more functional level, and could be better at providing these features for parity. 

If you research what Checkmarx is offering in their package distribution, you get exactly what they promise up front, so they are not lying.

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation which makes the application secure including information issues which might get neglected with a manual code review process.

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It therefore makes it easier to identify these as well as fix them.

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These descriptions are just a click away. Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.

We have not yet encountered any stability issues.

The solution provides high scalability. I am not sure about the limit of scans but it is sufficiently high. However, the issues which we faced were related to database backup. Unfortunately, Checkmarx doesn't do any automated backups which is quite inconvenient.

I would rate the technical support as average. We never had to communicate much with the technical team but based on my knowledge the response from their end was delayed.

I am not aware of any previous solutions.

The setup was straightforward.

It is a good product but a little overpriced.

I don't have much idea about other options since the organization had already purchased the product before I joined.

Better to look out for other products available in the market as well.

Checkmarx is used for application security, we can detect the stability and other details on how to fix issues.

The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results.

Checkmarx could improve the speed of the scans.

I have been using Checkmarx for approximately half a year.

We have five people in our company that uses Checkmarx, we do not plan to increase usage.

I have used the support from Checkmarx.

I have not used another before Checkmarx.

The initial setup of Checkmarx was very easy. The process took approximately one hour. We only need to provide information.

We have five people that are supporting Checkmarx in our company.

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us.

I rate Checkmarx an eight out of ten.