We performed a comparison between Checkmarx One and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"It is a stable product."
"The user interface is modern and nice to use."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The solution communicates where to fix the issue for the purpose of less iterations."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Vulnerability details is valuable."
"We use the solution for security testing."
"You can run it against multiple targets."
"Automatic updates and pull request analysis."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The solution is scalable."
"The application scanning feature is the most valuable feature."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The ZAP scan and code crawler are valuable features."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"If it is a very large code base then we have a problem where we cannot scan it."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The reporting feature could be more descriptive."
"Lacks resources where users can internally access a learning module from the tool."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"OWASP Zap needs to extend to mobile application testing."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"Sometimes, we get some false positives."
"The product reporting could be improved."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Checkmarx One is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify Application Defender, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Checkmarx One vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.