Checkmarx Software Composition Analysis Reviews

Name: Checkmarx Software Composition Analysis
Brand: Checkmarx
Rating: 4.5 (13 reviews)

Vendor: Checkmarx

4.5 out of 5

13 reviews
100% willing to recommend

Leave a review

What is Checkmarx Software Composition Analysis?

Checkmarx Software Composition Analysis offers robust features for identifying vulnerabilities in open source components. It integrates seamlessly into development processes, ensuring security from the start with its user-friendly interface and AI-enhanced suggestions. Ideal for .NET and Java applications.

Get the Checkmarx Software Composition Analysis Buyer's Guide and find out what your peers are saying about Checkmarx Software Composition Analysis, Snyk, GitLab and more!

Checkmarx Software Composition Analysis is the #10 ranked solution in top Software Composition Analysis (SCA) solutions. PeerSpot users give Checkmarx Software Composition Analysis an average rating of 9.0 out of 10. Checkmarx Software Composition Analysis is most commonly compared to Snyk: Checkmarx Software Composition Analysis vs Snyk. Checkmarx Software Composition Analysis is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 23% of all views.

Buyer's Guide

Checkmarx Software Composition Analysis

May 2026

Get the report

Helped 892,678 peers since 2012

Featured Checkmarx Software Composition Analysis reviews

Tharindu Malwenna

Senior Application Security Engineer at a newspaper with 5,001-10,000 employees

We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…

Read full review

Dmitriy Savin

VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees

To make the list of the vulnerabilities more clear and exposed to the users in order to see. Sometimes, we see issues high-level issues vulnerabilities that are not really issues, the interpretation of scanning. Meaning, like, outside, it's not really the issue. But it surfaces as an issue, so we probably may have a database of the errors of the vulnerabilities to expose and maybe even provide some feedback on how valuable the vulnerability is. I'm doing that. So, basically, one area that could be improved is the way that false positives are handled. In future releases, if we could create a clear RESTful API to just extract the scanning data on user-added applications and presentations.

Read full review

Sujata Sujata Ghadage

Sr Manager consultant - Digital assurance Services at adrosonic

I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.

Read full review

Checkmarx Software Composition Analysis mindshare

As of May 2026, the mindshare of Checkmarx Software Composition Analysis in the Software Composition Analysis (SCA) category stands at 3.0%, up from 2.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA) Mindshare Distribution
Product	Mindshare (%)
Checkmarx Software Composition Analysis	3.0%
Snyk	10.9%
Black Duck SCA	9.9%
Other	76.2%

Software Composition Analysis (SCA)

PeerResearch reports based on Checkmarx Software Composition Analysis reviews

Type	Title	Date
Category	Software Composition Analysis (SCA)	May 4, 2026	Download
Product	Reviews, tips, and advice from real users	May 4, 2026	Download
Comparison	Checkmarx Software Composition Analysis vs Black Duck SCA	May 4, 2026	Download
Comparison	Checkmarx Software Composition Analysis vs Veracode	May 4, 2026	Download
Comparison	Checkmarx Software Composition Analysis vs Snyk	May 4, 2026	Download

Valuable Features

Checkmarx Software Composition Analysis offers ease of use and seamless CICB pipeline integration, enabling fast incremental scans. Users value its ability to identify component vulnerabilities, provide security from development start, and offer comprehensive visibility into software security. It supports integration with developer tools, offers configurability, and provides actionable remediation advice. The tool highlights potential license issues, offers comprehensive security scans, shows library vulnerabilities, and suggests version upgrades. The user-friendly interface and AI integration improve identification and scalability.

"What I found most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in components, especially if some critical issues exist."
"The software is very stable and works very well."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start, helping you make sure that every open-source application that you use is secure and that there's no vulnerability inside that open-source application."

Room for Improvement

Checkmarx Software Composition Analysis requires enhancements in pricing and licensing models, user interface, scanning speed, integration with systems like MuleSoft, and handling of false positives. Users desire faster updates to address vulnerabilities and improvements in dynamic analysis and API functionality. Support quality, performance during scans, and user-friendly implementation also need attention. Customer feedback highlights the need for more accurate vulnerability assessments and a "what if" feature to simulate changes without full reruns.

"An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast."
"In terms of time and quality of support, Checkmarx SCA needs improvement."
"The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."

Pricing

Enterprise users find Checkmarx Software Composition Analysis pricing to be on the higher side, with a complex licensing model based on user numbers, project scans, and additional factors. The high cost can be challenging for small organizations, though larger companies benefit significantly. Compared to competitors, pricing appears less competitive, necessitating careful evaluation of value versus expense. Enterprises typically opt for annual subscriptions, although usage can be limited to specific team sizes.

"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."

Popular Use Cases

Checkmarx Software Composition Analysis is mainly used by IT security and development teams for detecting vulnerabilities in open-source components of applications. Commonly integrated into CI/CD pipelines, it performs static code analysis and checks the integrity of libraries, focusing on .NET and Java applications. It facilitates security scanning and vulnerability identification in various domains, including banking and insurance, and helps manage legal and licensing risks associated with open-source software.

Service and Support

Checkmarx Software Composition Analysis has responsive and dedicated customer service. Their team often resolves issues quickly, with same-day responses. Support is available 24/7 and rates high in effectiveness. Users appreciate helpful assistance during installation and for queries, highlighting good documentation. Some feedback suggests a decline in support quality compared to previous years. Integrators are recognized for being knowledgeable and customer-friendly, providing excellent assistance through various communication channels.

Deployment

Users found Checkmarx Software Composition Analysis's initial setup straightforward and user-friendly, often describing it as easy and uncomplicated. While some highlighted effortless plug-and-play installation, others mentioned minimal deployment times, ranging from a couple of hours to a few days. Technical support was noted as helpful in some cases. Organizations appreciated the seamless integration with platforms like GitHub and Jenkins, guided effectively by available documentation, allowing for management by individuals with limited technical expertise.

Scalability

Checkmarx Software Composition Analysis exhibits strong scalability. Multiple users commend its capacity to support unlimited projects and its efficient data consumption. Ratings for scalability generally fall between seven to ten, reflecting positive experiences with adaptability across various projects. Despite some limited usage, several users highlight its ability to perform well with diverse applications, including SaaS and code batching solutions. The number of users often fluctuates, contributing to its flexibility and resource optimization.

Stability

Checkmarx Software Composition Analysis is highly stable according to users who report it performing as expected without major issues even during upgrades. They indicate it supports numerous projects and scans efficiently. Stability ratings average between eight and nine out of ten. Some note occasional performance bottlenecks, especially when using a European-based cloud, which can slow scans significantly. However, most agree it is a stable platform as the company progresses.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Checkmarx Software Composition Analysis Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Large Enterprise	6

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	31
Midsize Enterprise	28
Large Enterprise	114

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

23%

Manufacturing Company

Insurance Company

Construction Company

Comms Service Provider

Computer Software Company

Energy/Utilities Company

Government

Performing Arts

Media Company

Outsourcing Company

Transportation Company

Educational Organization

Hospitality Company

Wholesaler/Distributor

Real Estate/Law Firm

Marketing Services Firm

Healthcare Company

Logistics Company

Pharma/Biotech Company

Retailer

University

Non Profit

Consumer Goods Company

Legal Firm

Engineering Company

Leisure / Travel Company

Wellness & Fitness Company

Agriculture

Security Firm

Sports Company

Compare Checkmarx Software Composition Analysis with alternative products

Learn more about Checkmarx Software Composition Analysis

Checkmarx Software Composition Analysis is an essential tool for developers looking to manage and secure open-source components. Known for its ease of integration and user-friendly design, it excels in providing comprehensive security by detecting vulnerabilities and offering actionable solutions. Developers gain from its configurability and visibility into library vulnerabilities. It further supports development with version upgrade suggestions and detailed insights, ensuring secure open-source component integration. Enhancing its effectiveness, AI-powered suggestions minimize false positives and improve scalability. While optimization of speed, performance, and pricing are anticipated, its strong integration capabilities within CI/CD pipelines make it a preferred choice for secure software development.

What are the key features of Checkmarx Software Composition Analysis?

User-Friendly Interface: Simplifies navigation and enhances usability for developers.
Incremental Scan Capability: Allows efficient continuous security assessments.
Vulnerability Detection: Provides detailed insights and solutions for identified issues.
AI-powered Suggestions: Minimizes false positives and enhances efficiency.
License Management: Assists in handling and managing license issues effectively.

What benefits can users expect from Checkmarx Software Composition Analysis?

Enhanced Security: Maintains robust protection against vulnerabilities in open source components.
Compliance Assurance: Ensures adherence to industry standards and regulations.
Visibility and Insight: Offers detailed insights into potential risks within libraries.
Scalability: Supports large-scale integration without compromising on performance.

In industries like banking and insurance, Checkmarx Software Composition Analysis proves instrumental. Utilizing static code analysis, it assists these sectors by identifying security weaknesses in software. Its integration capability with CI/CD pipelines ensures that applications adhere to strict industry compliance and security standards.

Checkmarx Software Composition Analysis was previously known as CxSCA.

Checkmarx Software Composition Analysis customers

AXA, Liveperson, Aaron's, Playtech, Morningstar

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Snyk vs Checkmarx Software Composition Analysis

GitLab vs Checkmarx Software Composition Analysis

Veracode vs Checkmarx Software Composition Analysis

JFrog Xray vs Checkmarx Software Composition Analysis

Black Duck SCA vs Checkmarx Software Composition Analysis

Mend.io vs Checkmarx Software Composition Analysis

Sonatype Lifecycle vs Checkmarx Software Composition Analysis

Semgrep vs Checkmarx Software Composition Analysis

Invicti vs Checkmarx Software Composition Analysis

Polaris Platform vs Checkmarx Software Composition Analysis

FOSSA vs Checkmarx Software Composition Analysis

CAST Highlight vs Checkmarx Software Composition Analysis

Kodem's Dynamic SCA vs Checkmarx Software Composition Analysis

CAST SBOM Manager vs Checkmarx Software Composition Analysis

See all alternatives

Checkmarx Software Composition Analysis Reviews Summary
Author info	Rating	Review Summary
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees	4.0	I used Checkmarx Software Composition Analysis to identify third-party libraries and determine their usage, which helped us reduce vulnerable libraries by 50%. It provides valuable feature suggestions but could improve in assessing upgrade success factors.
VP Software Developer/Architect at a financial services firm with 5,001-10,000 employees	4.0	I use Checkmarx's SCA for regular code vulnerability scanning. Its configurability and easy-to-understand security results are valuable. However, improvements in handling false positives and clearer RESTful API access could enhance its effectiveness.
Sr Manager consultant - Digital assurance Services at adrosonic	4.5	I've used Checkmarx Software Composition Analysis in banking and insurance projects, appreciating its rules and coverage. While it's more costly than alternatives like Veracode and SonarQube, its security and static analysis justify consideration despite pricing and DAST improvement needs.
Cyber Security Engineer at Rah Infotech Pvt Ltd	4.5	I review developer code using Checkmarx Software Composition Analysis to find vulnerabilities, which are then addressed collaboratively. The tool integrates easily with Java tools like Eclipse, though it has occasional crashes and lacks robust API security. I also use Rapid7 and Qualys.
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees	4.5	I use Checkmarx Software Composition Analysis to check library versions for vulnerabilities. The user-friendly GUI helps prioritize changes with specific guidance. An integrated "what if" simulation feature would enhance convenience by allowing impact checks without full reanalysis.
Sr. Director Global Solutions Development at a energy/utilities company with 10,001+ employees	4.5	I use Checkmarx Software Composition Analysis to scan software for security vulnerabilities. The comprehensive security scan is its most valuable feature, though the implementation process could be more user-friendly. I haven't used or considered similar solutions.
Senior Security Analyst (AppSec) at ELETROBRAS	5.0	I integrated Checkmarx Software Composition Analysis into our CI/CD pipeline. It excels at identifying vulnerabilities, offering visibility and remediation recommendations. Though dynamic analysis needs improvement, it shows fewer false positives than Fortify SCA, enhancing our development process.
Founder & Chairman at Endpoint-labs Cyber Security R&D	4.5	I rate Checkmarx SCA highly for identifying open-source vulnerabilities and license issues; it's stable, scalable, and easy to set up. However, I'm disappointed by the declining quality of its customer support.

Title	Rating	Mindshare	Recommending
Snyk	4.1	10.9%	100%	51 interviews Add to research
GitLab	4.2	3.5%	97%	91 interviews Add to research

Checkmarx Software Composition Analysis Reviews

What is Checkmarx Software Composition Analysis?

Featured Checkmarx Software Composition Analysis reviews

Checkmarx Software Composition Analysis mindshare

PeerResearch reports based on Checkmarx Software Composition Analysis reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Checkmarx Software Composition Analysis with alternative products

Learn more about Checkmarx Software Composition Analysis

Checkmarx Software Composition Analysis customers

Related questions

Product Categories

Popular Comparisons