What is our primary use case?
We use this solution to check our systems for any vulnerabilities in our applications. Currently, I'm working on a banking tool, which is aligned with the menu. Our system was created 30 years ago and still is running in the market and doing well. However, currently, there are so many changes happening. Any solution coming into the technology needs to have a security check to ensure everything is safe.
What is most valuable?
The reporting on the solution is very good. The reports we get are very self-explanatory. They aren't complex or confusing. They will tell us if we are facing vulnerabilities and where. From the reporting, it's quite easy to find the problems and fix them.
The solution overall is very good at detecting and pinpointing vulnerabilities in the code.
The user interface is excellent. It's very user friendly.
The solution offers good training documentation so we know how to handle problems as they arise.
What needs improvement?
Honestly speaking, we do not have much experience in this tool yet as we just started using it a couple of months ago. I personally am still just diving into the data. It may be too early to tell if there are improvements that need to be made.
The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated.
For how long have I used the solution?
I've only been using the solution for three months. It hasn't been too long yet. I'm new to the position. My organization, however, has been using the solution for quite a while.
What do I think about the scalability of the solution?
We have different team members on the solution in the UK and India. It's only available to those directly involved in the security aspects of our company.
How are customer service and technical support?
We have our own in-house team that manages a lot of issues that may come up on the solution.
The thing is, security is a major concern for us. We cannot exactly contact their team about a lot of things as we do have process guidelines and we need to follow these processes if we run into issues. If we have problems, we have an expert that can sit right next to us and figure out a solution. This helps us better manage the tool and the security surrounding it, rather than, for example, calling up the company and having a random help desk technician try and assist us.
How was the initial setup?
For our purposes, the initial set up was not complex. It was fairly easy to plug the solution into our build processes and pipelines. We haven't had any issues with configurations or anything like that. It's been very straightforward.
The deployment is very fast and only takes about 15 minutes or so.
We manage the solution ourselves. However, if I personally want to access it, I do need to contact specific team members. Only specific individuals have access. It's not accessible to everyone in the organization.
What about the implementation team?
A specific team in our organization handled the initial setup and holds the license for the product.
Which other solutions did I evaluate?
I've looked at SonarQube. The basic difference between the two solutions is that Checkmarx is a bit more intelligent and can detect vulnerabilities better and faster than SonarQube. SonarQube is more focused on code and style formatting or code complexity. It depends on the priorities of the organization, as each has its own unique benefits.
What other advice do I have?
I don't recall the exact version of the solution we are using.
I would recommend the solution. I'd rate it eight out of ten.
Which deployment model are you using for this solution?