Checkmarx One vs Rapid7 AppSpider Comparison 2024

Checkmarx One

Rapid7 AppSpider

Checkmarx One

Read 67 Checkmarx One reviews

32,487 views|21,108 comparisons

Rapid7 AppSpider

Read 13 Rapid7 AppSpider reviews

1,295 views|952 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Checkmarx One vs. Rapid7 AppSpider

May 2024

Executive Summary

We performed a comparison between Checkmarx One and Rapid7 AppSpider based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Rapid7 AppSpider Report (Updated: May 2024).

Download the complete report

771,170 professionals have used our research since 2012.

Featured Review

Prakash Ganesan

Engineer senior at a hospitality company

A good compliance solution that is best suited to small scale applications, and suffers from stability issues

This solution helps to remediate the compliance requirements we have. The product also increases the quality of the code the developers are able to... Read more →

Rizwan-Alam

Head Information Security at Akhtar Fuiou Technologies

Researched Checkmarx One but chose Rapid7 AppSpider: Easy automated web app scanning, but gives many false positives and isn't always stable

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The most valuable feature for me is the Jenkins Plugin.""What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results.""Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.""The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.""We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code.""The solution communicates where to fix the issue for the purpose of less iterations.""The setup is fairly easy. We didn't struggle with the process at all.""I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."

More Checkmarx One Pros →

"I would say that it is stable, as I am not aware of any major issues.""The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.""The most valuable feature is the reporting, which is compliant with international standards.""I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us.""It is really accurate and the rate of false positives is very low.""It scans all the components developed within a web application.""Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.""The initial deployment is very straightforward and simple. The product is stable if configured properly."

More Rapid7 AppSpider Pros →

Cons

"They could work to improve the user interface. Right now, it really is lacking.""The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information.""Implementing a blackout time for any user or teams: Needs improvement.""The validation process needs to be sped up.""It is an expensive solution.""I would like to see the rate of false positives reduced.""C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported.""The integration could improve by including, for example, DevSecOps."

More Checkmarx One Cons →

"The enterprise interface is too simple. It should be more customizable.""Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.""The solution is too slow. It could take a full day to scan. Competitors are much faster.""The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.""The tech support is responsive but issues remain unresolved.""Integration could be better.""This price of this solution is a little bit expensive.""The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."

More Rapid7 AppSpider Cons →

Pricing and Cost Advice

"It is the right price for quality delivery."

"I believe pricing is better compared to other commercial tools."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"It is a good product but a little overpriced."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

More Checkmarx One Pricing and Cost Advice →

"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."

"The price is pretty fair."

"The licensing cost depends on the number of users."

"AppSpider is closed-source software and you need to acquire a license in order to use it."

"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."

More Rapid7 AppSpider Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See Recommendations

771,170 professionals have used our research since 2012.

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

Read all 4 answers →

What do you like most about Checkmarx?

Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

Read all 38 answers →

What is your experience regarding pricing and costs for Checkmarx?

Top Answer:The solution's price is high and you pay based on the number of users.

Read all 25 answers →

What do you like most about Rapid7 AppSpider?

Top Answer:The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all… more »

Read all 13 answers →

What is your experience regarding pricing and costs for Rapid7 AppSpider?

Top Answer:The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor. The price of the… more »

Read all 6 answers →

What needs improvement with Rapid7 AppSpider?

Top Answer:The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution.

Read all 12 answers →

Ranking

3rd

out of 67 in Static Application Security Testing (SAST)

Views

32,487

Comparisons

21,108

Reviews

Average Words per Review

513

Rating

7.7

25th

out of 67 in Static Application Security Testing (SAST)

Views

1,295

Comparisons

952

Reviews

Average Words per Review

429

Rating

7.3

Comparisons

SonarQube vs. Checkmarx One

Compared 52% of the time.

Veracode vs. Checkmarx One

Compared 13% of the time.

Fortify on Demand vs. Checkmarx One

Compared 6% of the time.

Snyk vs. Checkmarx One

Compared 4% of the time.

Coverity vs. Checkmarx One

Compared 3% of the time.

More Checkmarx One Competitors →

Rapid7 InsightAppSec vs. Rapid7 AppSpider

Compared 28% of the time.

OWASP Zap vs. Rapid7 AppSpider

Compared 14% of the time.

Acunetix vs. Rapid7 AppSpider

Compared 12% of the time.

Invicti vs. Rapid7 AppSpider

Compared 9% of the time.

Cloudflare vs. Rapid7 AppSpider

Compared 3% of the time.

More Rapid7 AppSpider Competitors →

Also Known As

AppSpider

Learn More

Checkmarx

Rapid7

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Microsoft

Top Industries

REVIEWERS

Computer Software Company31%

Financial Services Firm19%

Comms Service Provider9%

Manufacturing Company9%

VISITORS READING REVIEWS

Financial Services Firm21%

Computer Software Company15%

Manufacturing Company9%

Insurance Company5%

VISITORS READING REVIEWS

Computer Software Company18%

Financial Services Firm16%

Government9%

Manufacturing Company5%

Company Size

REVIEWERS

Small Business38%

Midsize Enterprise13%

Large Enterprise50%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise12%

Large Enterprise72%

REVIEWERS

Small Business77%

Midsize Enterprise15%

Large Enterprise8%

VISITORS READING REVIEWS

Small Business20%

Midsize Enterprise14%

Large Enterprise66%

Buyer's Guide

Checkmarx One vs. Rapid7 AppSpider

May 2024

Free Report: Checkmarx One vs. Rapid7 AppSpider

Find out what your peers are saying about Checkmarx One vs. Rapid7 AppSpider and other solutions. Updated: May 2024.

DOWNLOAD NOW

771,170 professionals have used our research since 2012.

Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews. Checkmarx One is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Cloudflare. See our Checkmarx One vs. Rapid7 AppSpider report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Checkmarx One vs Rapid7 AppSpider comparison