We performed a comparison between Apiiro and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The workflow automation is likely the best aspect of the solution."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"Scan reviews can occur during the development lifecycle."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Helps us check vulnerabilities in our SAP Fiori application."
"The most valuable feature for me is the Jenkins Plugin."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"I would like to see the tool’s pricing improved."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
Apiiro is ranked 21st in Static Application Security Testing (SAST) with 2 reviews while Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews. Apiiro is rated 8.6, while Checkmarx One is rated 7.6. The top reviewer of Apiiro writes "A great secrets detection feature, good visibility, and integrates well". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". Apiiro is most compared with Snyk, Ox Security, Cycode and SonarQube, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity. See our Apiiro vs. Checkmarx One report.
See our list of best Static Application Security Testing (SAST) vendors, best API Security vendors, and best Risk-Based Vulnerability Management vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.