We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Scan reviews can occur during the development lifecycle."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"It has all the features we need."
"The only thing I like is that Checkmarx does not need to compile."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repo formats (Git, TFS, SVN, Perforce, etc.)."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The user interface is excellent. It's very user friendly."
"This solution saves us time due to the low number of false positives detected."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The solution offers services in a few specific development languages."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"There's extensive functionality with custom rules and a custom knowledge base."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"AppScan is stable."
"It provides a better integration for our ecosystem."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"If it is a very large code base then we have a problem where we cannot scan it."
"The reports are good, but they still need to be improved considering what the UI offers."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the DAST solution in the future."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The solution could improve by having a mobile version."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM's products."
"IBM Security AppScan Source is rather hard to use."
"The product has some technical limitations."
"They should have a better UI for dashboards."
"The penetration testing feature should be included."
"The pricing has room for improvement."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Acunetix, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify on Demand. See our Checkmarx One vs. HCL AppScan report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.