We performed a comparison between Checkmarx One and Contrast Security Assess based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UI is very intuitive and simple to use."
"It has all the features we need."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The user interface is modern and nice to use."
"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"The most valuable feature for me is the Jenkins Plugin."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."
"No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime."
"Assess has an excellent API interface to pull APIs."
"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."
"By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time."
"In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs."
"We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used."
"When we access the application, it continuously monitors and detects vulnerabilities."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, 'Yeah. I'd like something else on the roadmap.' What they're looking to deliver is what I would expect and forecast them to deliver."
"Checkmarx could be improved with more integration with third-party software."
"Integration into the SDLC (i.e. support for the last version of SonarQube) could be added."
"The plugins for the development environment have room for improvement, such as for Android Studio and Xcode."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Micro-services need to be included in the next release."
"The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."
"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes."
"Personalization of the board and how to make it appealing to an organization is something that could be done on their end. The reports could be adaptable to the customer's preferences."
"I would like to see them come up with more scanning rules."
"The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."
"To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."
"The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different."
"The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Contrast Security Assess is ranked 22nd in Static Application Security Testing (SAST) with 11 reviews. Checkmarx One is rated 7.6, while Contrast Security Assess is rated 8.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Contrast Security Assess writes "We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify issues in applications". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Contrast Security Assess is most compared with Veracode, Seeker, Fortify WebInspect, HCL AppScan and SonarQube.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.