We performed a comparison between Checkmarx One and Synopsys Code Dx based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The UI is very intuitive and simple to use."
"The solution is scalable, but other solutions are better."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The only thing I like is that Checkmarx does not need to compile."
"The setup is fairly easy. We didn't struggle with the process at all."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"We can run only one project at a time."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Meta data is always needed."
"They could work to improve the user interface. Right now, it really is lacking."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The integration could improve by including, for example, DevSecOps."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"If it is a very large code base then we have a problem where we cannot scan it."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Synopsys Code Dx is ranked 31st in Static Application Security Testing (SAST) with 1 review. Checkmarx One is rated 7.6, while Synopsys Code Dx is rated 0.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Synopsys Code Dx is most compared with Veracode, Coverity and SonarQube.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.