We performed a comparison between Checkmarx One and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Apart from software scanning, software composition scanning is valuable."
"The most valuable feature for me is the Jenkins Plugin."
"Scan reviews can occur during the development lifecycle."
"The solution is scalable, but other solutions are better."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"We use the solution for dynamic application testing."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"It is really accurate and the rate of false positives is very low."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing it as a PDF. We are able to generate all the reports exactly the way we want in a flexible way."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The setup is usually straightforward."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently support this feature. It would be helpful if Checkmarx could identify and throw an exception for a null value at run time. It would make things a lot easier if there were a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility of customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx could do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We could pay a little extra money and use Checkmarx for everything."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"AppSpider has some problems with the RAM needed while scanning."
"The price of this solution is a little bit expensive."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"It needs better integration with mobile applications."
"The enterprise interface is too simple. It should be more customizable."
"The dashboard and interface are crucial and they need some improvement."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews. Checkmarx One is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Cloudflare. See our Checkmarx One vs. Rapid7 AppSpider report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.