We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution communicates where to fix the issue for the purpose of less iterations."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Apart from software scanning, software composition scanning is valuable."
"We leverage it as a quality check against code."
"Technical support is helpful."
"The security and the dashboard are the most valuable features."
"This solution saves us time due to the low number of false positives detected."
"The solution is cheap."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"AppScan is stable."
"The most valuable feature of the solution is Postman."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"The integration could improve by including, for example, DevSecOps."
"Its user interface could be improved and made more friendly."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"We have received some feedback from our customers who are receiving a large number of false positives."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"They have to improve support."
"There is room for improvement in the pricing model."
"The databases for HCL are small and have room for improvement."
"IBM Security AppScan Source is rather hard to use."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"There are so many lines of code with so many different categories that I am likely to get lost. "
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Sonatype Lifecycle, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Checkmarx One vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.