We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The SAST component was absolutely 100% stable."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"One of the most valuable features is it is flexible."
"It has all the features we need."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"Less false positive errors as compared to any other solution."
"The results and the dashboard they provide are good."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"Micro-services need to be included in the next release."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Make the product available in a very stable way for other web browsers."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"The UI is not that friendly and you need to learn how to navigate easily."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.