We performed a comparison between Checkmarx One and Fortify Software Security Center based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Apart from software scanning, software composition scanning is valuable."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"It has all the features we need."
"This is a stable solution at the end of the day."
"You can easily download the tool's rule packs and update them."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"The solution's user interface could be improved because it seems outdated."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx could improve the REST APIs by including automation."
"Checkmarx could be improved with more integration with third-party software."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"We are having issues with false positives that need to be resolved."
"Fortify Software Security Center's setup is really painful."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
More Fortify Software Security Center Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews. Checkmarx One is rated 7.6, while Fortify Software Security Center is rated 7.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortify Software Security Center is most compared with Fortify on Demand. See our Checkmarx One vs. Fortify Software Security Center report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.