Incident Manager at a computer software company with 1,001-5,000 employees
Real User
Top 5
Jan 12, 2026
I manage the application security side of the products here, currently utilizing solutions such as Checkmarx, Akamai, Traceable, and Invicti, which are the security scanning tools that we use. In the organization where I'm working, we are using Checkmarx SAST as well as SCA, and for the SCA solution, we have moved to Checkmarx One, which provides both options. I joined here two years ago, but even before I joined, I heard that from 2020 or something, this company has been using Checkmarx for the SAST solution. Checkmarx SAST is deployed using a cloud-based model, and it is not on-premises. Checkmarx SAST is primarily used for post-development activities in our organization, and we want to integrate it into the user interface itself. Checkmarx plug-ins are being worked on, and they still work on the IDE part of it. If that is also provided, to some extent, they have Checkmarx IDE plug-ins, but how useful it is to the development teams, we still do not know. For now, once the development activities are done and when they build their repositories, that is where Checkmarx SAST gets triggered. The deployment for Checkmarx SAST requires no more than five minutes since we are working on all web services type of applications, and it will not take longer. Only for legacy applications where we have heard concerns from the development teams does it take about thirty minutes or more. I am not totally aware of CI/CD pipeline integration with Checkmarx SAST because we have CI/CD, but I still do not know. That may be on the roadmap for twenty twenty-six.
Our main use cases with Checkmarx SAST are currently in the implementation stage where we have utilized integrations with IDEs and have already integrated within the entire organization, which will scan any of the pull or push requests from the GitHub side. This helps us a lot in identifying vulnerabilities in early stages, and the integration within the IDEs helps developers get the results into their IDE itself, making it easier for them to fix vulnerabilities. There are also possibilities that we can integrate with AI as well. In our organization, we utilize multiple programming languages, including Scala, .NET, Python, PHP, Java, JavaScript, Node.js, and Ruby, resulting in a vast language coverage.
Key Account Manager at a tech services company with 11-50 employees
Reseller
Top 20
Sep 5, 2025
I am currently working with Checkmarx SAST as technical partners. Our customers are from insurance and depository backgrounds. Checkmarx SAST is one of the branded solutions, and according to the Magic Quadrant, it's in the leader space. It has a reputation in the market, and many clients are aware of the solution. Our customers are mainly using an on-premise deployment model with Checkmarx SAST. They are using only on-prem because there are some banks and organizations where it's very difficult to sell on cloud due to regulations and bank regulations.
The primary use case of Checkmarx SAST is application security, specifically static application security testing. It is essential and the root of this concept.
Checkmarx SAST provides advanced static application security testing by identifying vulnerabilities in source code. It's ideal for ISOs, security professionals, and developers striving to secure applications during development. Checkmarx SAST is known for its powerful code scanning capabilities that integrate seamlessly into existing development environments. It supports a wide range of programming languages, which makes it applicable for diverse development projects. Some users suggest...
We integrated Checkmarx with our pipelines in Jenkins. We had it fully automated for static security scanning to protect our company against attacks.