We performed a comparison between Checkmarx One and Fortify Software Security Center based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"Less false positive errors as compared to any other solution."
"One of the most valuable features is it is flexible."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Vulnerability details is valuable."
"This is a stable solution at the end of the day."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"We are having issues with false positives that need to be resolved."
"Fortify Software Security Center's setup is really painful."
More Fortify Software Security Center Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews. Checkmarx One is rated 7.6, while Fortify Software Security Center is rated 7.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca and Fortify WebInspect. See our Checkmarx One vs. Fortify Software Security Center report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.