We performed a comparison between Checkmarx One and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"Apart from software scanning, software composition scanning is valuable."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It has all the features we need."
"Scan reviews can occur during the development lifecycle."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"Good at scanning and finding vulnerabilities."
"The user interface is ok and it is very simple to use."
"The accuracy of its scans is great."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"It is scalable and very easy to use."
"It's a well-known platform for doing dynamic application scanning."
"The most valuable feature is the static analysis."
"The solution's technical support was very helpful."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"If it is a very large code base then we have a problem where we cannot scan it."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"The solution's user interface could be improved because it seems outdated."
"We can run only one project at a time."
"Checkmarx could improve the speed of the scans."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"Creating reports is very slow and it is something that should be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I'm not sure about licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"We have had a problem with authentication."
"The initial setup was complex."
"The scanner could be better."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
Checkmarx One is ranked 2nd in DevSecOps with 67 reviews while Fortify WebInspect is ranked 8th in DevSecOps with 17 reviews. Checkmarx One is rated 7.6, while Fortify WebInspect is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand and Snyk, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP ZAP and Rapid7 InsightAppSec.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.