• Home
  • Checkmarx One vs. HCL AppScan

Checkmarx One vs HCL AppScan comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
34,421 views|22,385 comparisons
86% willing to recommend
HCLTech Logo
HCL AppScan
Read 41 HCL AppScan reviews
5,423 views|4,191 comparisons
82% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. HCL AppScan
May 2024
Executive Summary

We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx One vs. HCL AppScan Report (Updated: May 2024).
Download the complete report
771,212 professionals have used our research since 2012.
Featured Review
Bus432Anly
Researched HCL AppScan but chose Checkmarx One: It made our organization more efficient with our whole code scan/deployment process for our software applications.
It has made our organization more efficient with our whole code scan/deployment process for our software applications.
Anonymous User
Researched Checkmarx One but chose HCL AppScan: Offers many support languages, scans in a decent amount of time and is easy to set up
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Scan reviews can occur during the development lifecycle.""The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled.""The solution has good performance, it is able to compute in 10 to 15 minutes.""It has all the features we need.""The only thing I like is that Checkmarx does not need to compile.""It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).""I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy.""The user interface is excellent. It's very user friendly."

More Checkmarx One Pros →

"This solution saves us time due to the low number of false positives detected.""Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.""The solution offers services in a few specific development languages.""The product is useful, particularly in its sensitivity and scanning capabilities.""There's extensive functionality with custom rules and a custom knowledge base.""It's generally a very user-friendly tool. Anyone can easily learn how to scan""AppScan is stable.""It provides a better integration for our ecosystem."

More HCL AppScan Pros →

Cons
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added.""With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.""If it is a very large code base then we have a problem where we cannot scan it.""The reports are good, but they still need to be improved considering what the UI offers.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""I would like to see the DAST solution in the future.""Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not.""One area for improvement in Checkmarx is pricing, as it's more expensive than other products."

More Checkmarx One Cons →

"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.""The solution could improve by having a mobile version.""Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products.""​IBM Security AppScan Source is rather hard to use​.""The product has some technical limitations.""They should have a better UI for dashboards.""The penetration testing feature should be included.""The pricing has room for improvement."

More HCL AppScan Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,212 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    What do you like most about HCL AppScan?
    Top Answer:The product has valuable features for static and dynamic testing.
    Read all 17 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Read all 20 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Read all 18 answers   →
    Ranking
    3rd
    out of 74 in Application Security Tools
    Views
    34,421
    Comparisons
    22,385
    Reviews
    21
    Average Words per Review
    508
    Rating
    7.7
    15th
    out of 74 in Application Security Tools
    Views
    5,423
    Comparisons
    4,191
    Reviews
    16
    Average Words per Review
    346
    Rating
    7.2
    Comparisons
    SonarQube logo
    SonarQube vs. Checkmarx One
    Compared 52% of the time.
    Veracode logo
    Veracode vs. Checkmarx One
    Compared 13% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Checkmarx One
    Compared 6% of the time.
    Snyk logo
    Snyk vs. Checkmarx One
    Compared 4% of the time.
    Acunetix logo
    Acunetix vs. Checkmarx One
    Compared 1% of the time.
    More Checkmarx One Competitors   →
    SonarQube logo
    SonarQube vs. HCL AppScan
    Compared 15% of the time.
    Veracode logo
    Veracode vs. HCL AppScan
    Compared 12% of the time.
    Acunetix logo
    Acunetix vs. HCL AppScan
    Compared 10% of the time.
    OWASP Zap logo
    OWASP Zap vs. HCL AppScan
    Compared 8% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. HCL AppScan
    Compared 7% of the time.
    More HCL AppScan Competitors   →
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More
    Checkmarx
    HCLTech
    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Government15%
    Transportation Company15%
    Comms Service Provider10%
    Financial Services Firm10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government9%
    Manufacturing Company9%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business24%
    Midsize Enterprise13%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise12%
    Large Enterprise72%
    Buyer's Guide
    Checkmarx One vs. HCL AppScan
    May 2024
    Free Report: Checkmarx One vs. HCL AppScan
    Find out what your peers are saying about Checkmarx One vs. HCL AppScan and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,212 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Acunetix, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify on Demand. See our Checkmarx One vs. HCL AppScan report.

    See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.