We performed a comparison between Checkmarx One and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Vulnerability details is valuable."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The only thing I like is that Checkmarx does not need to compile."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"Less false positive errors as compared to any other solution."
"The SAST component was absolutely 100% stable."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"Guided Scan option allows us to easily scan and share reports."
"Good at scanning and finding vulnerabilities."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The most valuable feature is the static analysis."
"It's a well-known platform for doing dynamic application scanning."
"The user interface is ok and it is very simple to use."
"Technical support has been good."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx needs to be more scalable for large enterprise companies."
"The cost per user is high and should be reduced."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The initial setup was complex."
"Lately, we've seen more false negatives."
"One thing I would like to see them introduce is a cloud-based platform."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"A localized version, for example, in Korean would be a big improvement to this solution."
Checkmarx One is ranked 2nd in DevSecOps with 67 reviews while Fortify WebInspect is ranked 8th in DevSecOps with 17 reviews. Checkmarx One is rated 7.6, while Fortify WebInspect is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand and Snyk, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Rapid7 InsightAppSec. See our Checkmarx One vs. Fortify WebInspect report.
See our list of best DevSecOps vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.