We performed a comparison between Checkmarx One, HCL AppScan, and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"From my point of view, it is the best product on the market."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It shows in-depth code of where actual vulnerabilities are."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"We use the solution to validate the source code and do SAST and security analysis."
"Technical support is helpful."
"This solution saves us time due to the low number of false positives detected."
"This is a stable solution."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The most valuable feature of the solution is the scanning or security part."
"You can easily find particular features and functions through the UI."
"The most valuable feature of HCL AppScan is scanning QR codes."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The stability is great. We haven't had any issues at all with it."
"The integration could improve by including, for example, DevSecOps."
"If it is a very large code base then we have a problem where we cannot scan it."
"I would like to see the tool’s pricing improved."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"I would like to see the DAST solution in the future."
"Micro-services need to be included in the next release."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor. It lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The pricing has room for improvement."
"They should have a better UI for dashboards."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"Scans become slow on large websites."
"I think being able to search across more containers, especially some of the Docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"There is room for improvement in the pricing model."
"The solution could improve by having a mobile version."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."