Checkmarx Review

Detailed reporting assists in repairing problems, but there are a lot of false positives


What is our primary use case?

When I had an issue that was causing trouble in my code, I would upload it to Checkmarx to perform static code analysis. I would then study the reports.

How has it helped my organization?

Using this product improved the stability of my code that went into production.

What is most valuable?

The most valuable feature is the scanning.

The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.

What needs improvement?

You can't use it in the continuous delivery pipeline because the scanning takes too much time. Better integration with the CD pipeline would be helpful.

It reports a lot of false positives so you have to discriminate and take ones that are rated at either a one or a two. The lower-rated problems need to be discarded.

For how long have I used the solution?

I used Checkmarx for about six months at my previous place of employment. I stopped using it about six months ago.

What do I think about the scalability of the solution?

We had perhaps 100 users at my previous job.

How are customer service and technical support?

I was not in contact with technical support.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Checkmarx reviews from users
...who work at a Financial Services Firm
...who compared it with HCL AppScan
Add a Comment
Guest