Try our new research platform with insights from 80,000+ expert users
Checkmarx SAST Logo

Checkmarx SAST pros and cons

Vendor: Checkmarx
4.1 out of 5
Leave a review

Pros & Cons summary

Checkmarx SAST identifies source code vulnerabilities early, protecting against attacks with essential security features. CX1 platform unifies SAST, SCA, DAST, container scanning, and infrastructure code. IDE integration aids developers with direct results, enhancing vulnerability resolution. While detailed reports improve security processes, false positives and a high price challenge mid-sized companies. On-premises versions are pricier than cloud versions, and technical communication delays persist, requiring vendor improvements for wider affordability and accuracy.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the category report

Prominent pros & cons

PROS

Checkmarx SAST offers the competitive advantage of identifying vulnerabilities in source code immediately, even before coding is complete.
Checkmarx protects companies against attacks, providing essential security features.
The CX1 platform is unified and beneficial for covering SAST, SCA, DAST, container scanning, and infrastructure code for clients seeking comprehensive solutions.
The integration within IDEs aids developers by embedding results directly, facilitating early vulnerability identification and resolution.
Detailed reports from Checkmarx SAST enhance security processes by pinpointing exact lines of code that are vulnerable, aiding developers effectively.

CONS

On-premises version is more expensive compared to the cloud version.
Checkmarx did not identify some vulnerabilities, requiring vendor intervention for tool improvement.
Price is a major challenge, with many mid-sized companies finding it unaffordable.
Accuracy issues arise from false positives, impacting vulnerability assessments.
Turnaround time and frequent changes in technical account managers cause communication delays.
 

Checkmarx SAST Pros review quotes

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Cuneyt KALPAKOGLU Phd.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Oct 7, 2024
The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding.
Read full review
reviewer2392968 - PeerSpot reviewer
reviewer2392968
IT Transformation Project Manager at a financial services firm with 10,001+ employees
Dec 16, 2024
The most important feature is that Checkmarx protects our company against attacks.
Read full review
reviewer1635690 - PeerSpot reviewer
reviewer1635690
Key Account Manager at a tech services company with 11-50 employees
Sep 5, 2025
The CX1 is a unified platform that covers all components such as SAST, SCA, DAST, container scanning, and infrastructure code, which is quite beneficial because some clients need one-stop solutions for all their needs.
Read full review
Buyer's Guide
Static Application Security Testing (SAST)
January 2026
Download Free Report
Find out what your peers are saying about Checkmarx, Qualys, SonarSource Sàrl and others in Static Application Security Testing (SAST). Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
Tharindu Malwenna - PeerSpot reviewer
Tharindu Malwenna
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Oct 17, 2025
This helps us a lot in identifying vulnerabilities in early stages, and the integration within the IDEs helps developers get the results into their IDE itself, making it easier for them to fix vulnerabilities.
Read full review
RaghavendraRao PV - PeerSpot reviewer
RaghavendraRao PV
Senior Manager at Newfold Digital
Jan 12, 2026
The detailed reports from Checkmarx SAST help with our security process by showing details about which line is actually vulnerable, which is beneficial for the developers, and I do not have any suggestions or inputs on that area.
Read full review
 

Checkmarx SAST Cons review quotes

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Cuneyt KALPAKOGLU Phd.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Oct 7, 2024
The on-premises version is more expensive compared to the cloud version.
Read full review
reviewer2392968 - PeerSpot reviewer
reviewer2392968
IT Transformation Project Manager at a financial services firm with 10,001+ employees
Dec 16, 2024
We had some issues where Checkmarx did not recognize a vulnerability.
Read full review
reviewer1635690 - PeerSpot reviewer
reviewer1635690
Key Account Manager at a tech services company with 11-50 employees
Sep 5, 2025
The main challenge with Checkmarx SAST is the price. The price is a challenge because Checkmarx SAST is a very big brand, and many mid-sized companies cannot afford it as they are very price-conscious.
Read full review
Buyer's Guide
Static Application Security Testing (SAST)
January 2026
Download Free Report
Find out what your peers are saying about Checkmarx, Qualys, SonarSource Sàrl and others in Static Application Security Testing (SAST). Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
Tharindu Malwenna - PeerSpot reviewer
Tharindu Malwenna
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Oct 17, 2025
The accuracy of the results depends on various factors, as some of the test folders tend to give us false positives, which makes a huge impact on the vulnerabilities.
Read full review
RaghavendraRao PV - PeerSpot reviewer
RaghavendraRao PV
Senior Manager at Newfold Digital
Jan 12, 2026
I believe that nothing in particular could be improved about Checkmarx SAST, only the turnaround time and the fact that technical account managers keep moving around, which leads to some lag in communication.
Read full review

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx SAST Logo
SonarQube vs Checkmarx SAST
Snyk vs Checkmarx SAST Logo
Snyk vs Checkmarx SAST
GitLab vs Checkmarx SAST Logo
GitLab vs Checkmarx SAST
Checkmarx One vs Checkmarx SAST Logo
Checkmarx One vs Checkmarx SAST
Veracode vs Checkmarx SAST Logo
Veracode vs Checkmarx SAST
OWASP Zap vs Checkmarx SAST Logo
OWASP Zap vs Checkmarx SAST
Qualys Web Application Scanning vs Checkmarx SAST Logo
Qualys Web Application Scanning vs Checkmarx SAST
Semgrep vs Checkmarx SAST Logo
Semgrep vs Checkmarx SAST
Aikido Security vs Checkmarx SAST Logo
Aikido Security vs Checkmarx SAST
GitHub Code Scanning vs Checkmarx SAST Logo
GitHub Code Scanning vs Checkmarx SAST
Cycode vs Checkmarx SAST Logo
Cycode vs Checkmarx SAST
Ox Security vs Checkmarx SAST Logo
Ox Security vs Checkmarx SAST
Kodem's Dynamic SCA vs Checkmarx SAST Logo
Kodem's Dynamic SCA vs Checkmarx SAST
NowSecure vs Checkmarx SAST Logo
NowSecure vs Checkmarx SAST
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs Checkmarx SAST Logo
SonarQube vs Checkmarx SAST
Snyk vs Checkmarx SAST Logo
Snyk vs Checkmarx SAST
GitLab vs Checkmarx SAST Logo
GitLab vs Checkmarx SAST
Checkmarx One vs Checkmarx SAST Logo
Checkmarx One vs Checkmarx SAST
Veracode vs Checkmarx SAST Logo
Veracode vs Checkmarx SAST
OWASP Zap vs Checkmarx SAST Logo
OWASP Zap vs Checkmarx SAST
Qualys Web Application Scanning vs Checkmarx SAST Logo
Qualys Web Application Scanning vs Checkmarx SAST
Semgrep vs Checkmarx SAST Logo
Semgrep vs Checkmarx SAST
Aikido Security vs Checkmarx SAST Logo
Aikido Security vs Checkmarx SAST
GitHub Code Scanning vs Checkmarx SAST Logo
GitHub Code Scanning vs Checkmarx SAST
Cycode vs Checkmarx SAST Logo
Cycode vs Checkmarx SAST
Ox Security vs Checkmarx SAST Logo
Ox Security vs Checkmarx SAST
Kodem's Dynamic SCA vs Checkmarx SAST Logo
Kodem's Dynamic SCA vs Checkmarx SAST
NowSecure vs Checkmarx SAST Logo
NowSecure vs Checkmarx SAST
See all alternatives
Related questions
  • 130
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 14
Which is the most comprehensive open source Web Security Testing tool?
  • 39
What is the best Application Security Testing platform?
  • 16
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 38
SAST vs. DAST: Which is better for application security testing?
  • 30
What tools do you rely on for building a DevSecOps pipeline?
  • 56
What does the Log4j/Log4Shell vulnerability mean for your company?
  • 36
Checkmarx or Veracode. Which should we choose?
  • 70
What are your recommended automated penetration testing tools?
  • 24
What are the OWASP top 10 in 2020?