Checkmarx One vs Software Risk Manager ASPM comparison

Checkmarx and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Checkmarx is ranked #3 with an average rating of 8.2, while Black Duck is ranked #14. Additionally, 88% of Checkmarx users are willing to recommend the solution.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 21, 2025

Checkmarx One and Software Risk Manager ASPM compete in the application security domain. Checkmarx One seems to have the advantage in pricing and support satisfaction, while Software Risk Manager ASPM is favored for its robust features.

Features: Checkmarx One is known for its static application security testing, seamless integration with development tools, and strong support satisfaction. Software Risk Manager ASPM is distinguished by its asset management capabilities, comprehensive reporting, and robust feature set.

Ease of Deployment and Customer Service: Checkmarx One provides a flexible deployment model and fast support responsiveness. Software Risk Manager ASPM follows a structured deployment approach, potentially requiring direct assistance.

Pricing and ROI: Checkmarx One offers competitive pricing with a significant return on investment due to streamlined deployment and effective security solutions. Software Risk Manager ASPM has higher upfront costs but delivers substantial ROI through its rich features.

To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: February 2026).

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download the complete report

Helped 881,733 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex Cloud by Palo Alto N...

Featured Reviews

reviewer1980216

Business Development Manager For Palo Alto Networks at a tech services company with 1,001-5,000 employees

Unified security platform has simplified multi-cloud protection and improved threat response

From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market. Additionally, there is not a clear MSP model compared to other vendors such as CrowdStrike. These are significant limitations, especially today when managed services are becoming increasingly important for end users. Palo Alto decided to limit some functionalities because they want to stress more on Cortex XSIAM. I do not agree with this strategy because Cortex XSIAM is a completely different market compared to Cortex XDR. This is the main issue of Cortex—the commercial model Palo Alto is implementing. The product is very good; the problem is the commercial model. There are probably some areas for improvement because Palo Alto is growing too much. Today the challenge is to have skilled people, which I believe is the same issue everywhere. I do not agree with this decision.

Read full review

Shahzad Shahzad

Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution

Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance

Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.

Read full review

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Facilitates continuous assessment of applications, covering both static and dynamic security aspects

Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The AI and automation features in detecting and responding to high-risk threats are impressive; it's one of the best tools regarding AI technology and unifies security in one platform in real-time, improving vulnerability analysis, incident response, and compliance reporting."

"I have absolutely seen improvements in our incident close rates, with mean time to detect and respond reduced significantly, sometimes by at least forty to fifty percent."

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."

"I have seen several benefits from using Cortex Cloud by Palo Alto Networks: It was easy to use and easy to migrate from the IBM platform."

"From a technical standpoint or pricing, Cortex Cloud by Palo Alto Networks is a stronger solution in the market at the moment compared to other products from ConnectWise or Symantec."

"Cortex Cloud by Palo Alto Networks has impacted our organization positively by keeping our machines secure and our team using the dashboard to find issues quickly."

"The most beneficial aspect of Cortex Cloud by Palo Alto Networks and Palo Alto in general is that there is a single platform for all cloud providers for securitization."

"The UI is very intuitive and simple to use."

"The user interface is modern and nice to use."

"It has all the features we need."

"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."

"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."

"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."

"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."

"Checkmarx One has positively impacted my organization because in the past, when Checkmarx One scan was not implemented, we faced a lot of issues finding vulnerabilities inside the repository, but now, since we have integrated Checkmarx One into our repository, we can smoothly and very easily find vulnerabilities and manage those effectively."

More Checkmarx One pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."

Cons

"Cortex Cloud by Palo Alto Networks is creating some confusion in terms of names because this is recent."

"Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions."

"From the commercial perspective, we have some limitations because Palo Alto has a minimum number of users of endpoints set at 200, which is quite high for the Italian market."

"The pricing is high, making ROI challenging to justify, especially during transitions between solutions."

"The negative aspects or areas for improvement in the product include the fact that the cost might be a bit high, which challenges commercials, but not technically."

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."

"If it is a very large code base then we have a problem where we cannot scan it."

"You can't use it in the continuous delivery pipeline because the scanning takes too much time."

"For Checkmarx One, I think that adding repositories and scanning impromptu code could improve it."

"There are some downtimes when Checkmarx One is being upgraded to the latest version or some improvement is there."

"The validation process needs to be sped up."

"It is an expensive solution."

"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."

"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."

More Checkmarx One cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."

Pricing and Cost Advice

Information not available

"It is the right price for quality delivery."

"The interface used to create custom rules comes at an additional cost."

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The tool's pricing is fine."

"The solution is costly."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

More Checkmarx One pricing and cost advice

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.

See recommendations

881,733 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Performing Arts

10%

Financial Services Firm

10%

Manufacturing Company

Computer Software Company

Financial Services Firm

18%

Computer Software Company

10%

Manufacturing Company

10%

Government

Financial Services Firm

18%

Manufacturing Company

10%

Government

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	1
Large Enterprise	2

By reviewers
Company Size	Count
Small Business	32
Midsize Enterprise	9
Large Enterprise	46

No data available

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?

The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...

See all answers

What needs improvement with Cortex Cloud by Palo Alto Networks?

Regarding areas for improvement, the tool performs its functions well, but frequent name changes across Palo Alto Net...

See all answers

What is your primary use case for Cortex Cloud by Palo Alto Networks?

Cortex Cloud by Palo Alto Networks serves as our primary tool for understanding our assets and performing API integra...

See all answers

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...

See all answers

Ask a question

Earn 20 points

Comparisons

Wiz vs Cortex Cloud by Palo Alto Networks

Compared 18% of the time

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks

Compared 17% of the time

SentinelOne Singularity Cloud Security vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks

Compared 8% of the time

Qualys Enterprise TruRisk Platform vs Cortex Cloud by Palo Alto Networks

Compared 2% of the time

More Cortex Cloud by Palo Alto Networks Competitors

SonarQube vs Checkmarx One

Compared 47% of the time

Veracode vs Checkmarx One

Compared 4% of the time

Checkmarx SAST vs Checkmarx One

Compared 4% of the time

OpenText Core Application Security vs Checkmarx One

Compared 3% of the time

OWASP Zap vs Checkmarx One

Compared 2% of the time

More Checkmarx One Competitors

PortSwigger Burp Suite Professional vs Software Risk Manager ASPM

Compared 16% of the time

Polaris Platform vs Software Risk Manager ASPM

Compared 10% of the time

Snyk vs Software Risk Manager ASPM

Compared 9% of the time

Veracode vs Software Risk Manager ASPM

Compared 8% of the time

SonarQube vs Software Risk Manager ASPM

Compared 7% of the time

More Software Risk Manager ASPM Competitors

Product Reports

Buyer's Guide

Cortex Cloud by Palo Alto Networks

February 2026

Cortex Cloud by Palo Alto Networks report

Download Cortex Cloud by Palo Alto Networks product report

Buyer's Guide

Checkmarx One

February 2026

Download Checkmarx One product report

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download Software Risk Manager ASPM product report

Also Known As

No data available

Code Dx

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
Incident Management: Streamlines incident response with automated workflows.
Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

Increased Efficiency: Automation reduces manual efforts in threat management.
Enhanced Security Posture: Improved visibility leads to better threat preparedness.
Cost Savings: Minimizes expenses related to manual threat detection and response.
Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck

Sample Customers

Information Not Available

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".

Buyer's Guide

Application Security Posture Management (ASPM)

February 2026

Download Free Report

Find out what your peers are saying about Veracode, Snyk, Checkmarx and others in Application Security Posture Management (ASPM). Updated: February 2026.

DOWNLOAD NOW

881,733 professionals have used our research since 2012.

See our list of best Application Security Posture Management (ASPM) vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.