We performed a comparison between Checkmarx One, Fortify Application Defender, and Kiuwan based on real PeerSpot user reviews.
"The UI is very intuitive and simple to use."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The report function is the solution's greatest asset."
"The administration in Checkmarx is very good."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"Helps us check vulnerabilities in our SAP Fiori application."
"The most valuable feature is the simple user interface."
"Its ability to find security defects is valuable."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is that it analyzes data in real-time."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The solution helped us to improve the code quality of our organization."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I like that it provides a detailed report that lets you know the risk index and the vulnerability."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"I have found the security and QA in the source code to be most valuable."
"Software analytics for a lot of different languages including ABAP."
"I've found the reporting features the most helpful."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Checkmarx needs to be more scalable for large enterprise companies."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"The validation process needs to be sped up."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The licensing can be a little complex."
"The workbench is a little bit complex when you first start using it."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"I encountered many false positives for Python applications."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"Support for older compilers/IDEs is lacking."
"The solution is quite expensive."
"The false positive rate should be lower."
"The development-to-delivery phase."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the 'insights' tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"I would like to see additional languages supported."
"The configuration hasn't been that good."
"I would like to see better integration with Azure DevOps in the next release of this solution."
"Perhaps more languages supported."
"The next release should include more flexibility in the reporting."
"Different languages, such as Spanish, Portuguese, and so on."