Incident Manager at a computer software company with 1,001-5,000 employees
Real User
Top 5
Jan 12, 2026
I believe that nothing in particular could be improved about Checkmarx SAST, only the turnaround time and the fact that technical account managers keep moving around, which leads to some lag in communication. Apart from that, there are regular touch-base calls with the vendor where we bring up our concerns, and feature requests take some time since they do not work only for our client.
When assessing the accuracy and efficiency of Checkmarx SAST scanning capabilities, they are currently recommending that doing the full scan is the main, correct way of scanning the repositories. However, based on the repository size we have, it sometimes takes more than 10 minutes for larger repositories, which is a downside. The accuracy of the results depends on various factors, as some of the test folders tend to give us false positives, which makes a huge impact on the vulnerabilities. Those are the major things that we have to fine-tune from our end. I would rate Checkmarx SAST around a seven, as it does have some false positives we have to work with, which are the major concerning things. The number of false positives is significant because we cannot implement policies because of this.
Key Account Manager at a tech services company with 11-50 employees
Reseller
Top 20
Sep 5, 2025
The main challenge with Checkmarx SAST is the price. The price is a challenge because Checkmarx SAST is a very big brand, and many mid-sized companies cannot afford it as they are very price-conscious. A 20 to 30% reduction in price would be beneficial. Checkmarx SAST could invest more in digital marketing, particularly in ad sales on platforms such as LinkedIn, which could be a valuable tool.
IT Transformation Project Manager at a financial services firm with 10,001+ employees
Real User
Top 10
Dec 16, 2024
We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue.
There is a need for improvement in terms of technical support, pricing policy, and configuration. The on-premises version is more expensive compared to the cloud version.
Checkmarx SAST provides advanced static application security testing by identifying vulnerabilities in source code. It's ideal for ISOs, security professionals, and developers striving to secure applications during development. Checkmarx SAST is known for its powerful code scanning capabilities that integrate seamlessly into existing development environments. It supports a wide range of programming languages, which makes it applicable for diverse development projects. Some users suggest...