We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The only thing I like is that Checkmarx does not need to compile."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The value you can get out of the speedy production may be worth the price tag."
"We use the solution for dynamic application testing."
"The solution allows us to create custom rules for code checks."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The user interface is excellent. It's very user friendly."
"It is a stable product."
"The reporting part is the most valuable feature."
"The solution is cheap."
"You can easily find particular features and functions through the UI."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"It was easy to set up."
"The most valuable feature of the solution is the scanning or security part."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"I would like to see the DAST solution in the future."
"I would like to see the rate of false positives reduced."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"The product has some technical limitations."
"AppScan is too complicated and should be made more user-friendly."
"It has crashed at times."
"Improvement can be done as per customer requirements."
"The penetration testing feature should be included."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"HCL AppScan needs to improve security."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Sonatype Lifecycle, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Checkmarx One vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.