Checkmarx Review

Good reporting, performance, and coverage for different languages

What is our primary use case?

We primarily use Checkmarx for application security and tracking.

What is most valuable?

The most valuable feature is the application tracking reporting.

From the user's perspective, the interface is pretty good. It will point out the exact line of code when an issue is found.

It is good in terms of coverage for different languages.

It is updated automatically so there is less maintenance.

What needs improvement?

The cost per user is high and should be reduced. Five years ago, it was a user-based model, which was significantly better. It would be great if we could distribute the cost equally between projects.

For how long have I used the solution?

I have been working with Checkmarx for about two years.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

It is scalable in terms of being able to run multiple instances for different products. We have approximately 10 users, which is the size of our application security team.

I would like to increase our usage of this product, but it will ultimately depend on the company's strategy.

How are customer service and technical support?

Given the stability of Checmarx, it doesn't require a lot of communication with technical support. That said, we have been in touch with them for non-technical issues and they have a good team with a lot of Russian speakers.

Which solution did I use previously and why did I switch?

Prior to using Checkmarx, I used AppScan but the concept is completely different. With Checkmarx, you are working with source code, whereas as with AppScan, you are working with binaries. You can say that AppScan is more like a dynamic security scan and Checkmarx is more static.

These products are quite different in terms of how you do the testing. Checkmarx is better from both a performance perspective and reporting a lower number of false positives.

How was the initial setup?

We did not have any trouble with the initial setup. Our deployment was done within a couple of hours. The easiest thing to do is create a virtual machine and deploy it.

What about the implementation team?

Our in-house IT staff was responsible for the implementation.

What's my experience with pricing, setup cost, and licensing?

The number of users and coverage for languages will have an impact on the cost of the license. We would like to deploy it for the whole company but it's a question of spending thousands of dollars. Investing $200,000 or $300,000 would be an upper management decision.

The educational component is additional and costs approximately $100 per month for each user. This is too high so we did not agree to the service.

What other advice do I have?

Overall, we are very satisfied with Checkmarx and it is a product that I recommend.

I would rate this solution an eight out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Checkmarx reviews from users
...who work at a Financial Services Firm
...who compared it with HCL AppScan
Add a Comment