"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."
"Used for controlling the technical debt and code quality."
"It supports most programming languages."
"CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The report function is the solution's greatest asset."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."
"Implementation could be made more simpler as it is complex."
"It has very few plugins to access different code repositories, so source code has to be fed."
"The integration of this solution could be improved."
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I would like to see the rate of false positives reduced."
"We can run only one project at a time."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
More CAST Application Intelligence Platform Pricing and Cost Advice →
CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. CAST Application Intelligence Platform is rated 7.0, while Checkmarx One is rated 7.6. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand and BlueOptima, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity.
We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
