We performed a comparison between Checkmarx One, Fortify Application Defender, and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The SAST component was absolutely 100% stable."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Scan reviews can occur during the development lifecycle."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable feature is the ability to automatically feed it rules when it's coupled with the WebInspect dynamic application scanning technology."
"The product saves us cost and time."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"Its ability to find security defects is valuable."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The solution helped us to improve the code quality of our organization."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The stability is great. We haven't had any issues at all with it."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"It is an expensive solution."
"We have received some feedback from our customers who are receiving a large number of false positives."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx could improve by reducing the price."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor; they lack the details one gets when viewing the results directly from the Checkmarx One platform."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Support for older compilers/IDEs is lacking."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The solution could improve the time it takes to scan. When comparing it to SonarQube, SonarQube does it in minutes while Fortify Application Defender can take hours."
"The workbench is a little bit complex when you first start using it."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender gives a lot of false positives."
"The solution is quite expensive."
"I encountered many false positives for Python applications."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."