We performed a comparison between Checkmarx One and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"We use the solution to validate the source code and do SAST and security analysis."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"From my point of view, it is the best product on the market."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"It has all the features we need."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The most valuable feature is the reporting, which is compliant with international standards."
"The setup is usually straightforward."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"I would say that it is stable, as I am not aware of any major issues."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The pricing can get a bit expensive, depending on the company's size."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The dashboard and interface are crucial and they need some improvement."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"There are some glitches with stability, and it is an area for improvement."
"The enterprise interface is too simple. It should be more customizable."
"The tech support is responsive but issues remain unresolved."
"Support response times are slow and can be improved."
"Integration could be better."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews. Checkmarx One is rated 7.6, while Rapid7 AppSpider is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Cloudflare. See our Checkmarx One vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
