Checkmarx Review

It allows for SAST scanning of uncompiled code. More API functionality should be added.


Improvements to My Organization

Cx gives you the ability to push SAST down much lower in the SDLC process. With the use of multiple IDE plugins and the ability to do "incremental" scanning, a scan of your latest code does not bog down your machine as it is offloaded.

Valuable Features

It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repo formats (Git, TFS, SVN, Perforce, etc.).

Room for Improvement

Metadata is always needed. More tutorials/videos for developers on fixing their vulnerabilities would be nice. Although the API is useful, I would like to see more functionality added.

Stability Issues

I've had to restart services/bounce the VM on two rare occasions.

Scalability Issues

It scales very easily.

Customer Service and Technical Support

Customer Service:

Customer service is good. Engineers have been quick to get back to me regarding issues and custom work that I have performed.

Technical Support:

Technical support is very knowledgeable.

Initial Setup

Initial setup couldn't be any easier. Cx has good documentation on environment requirements. As long as you meet those, the installation process takes maybe 30 minutes for an initial setup; perhaps a bit longer if you're adding multiple engines.

Implementation Team

An in-house team implemented it.

Pricing, Setup Cost and Licensing

Everything is negotiable. Checkmarx approached our dealings in good faith and clearly wanted to be around for a while. It is much less expensive than some alternatives.

Other Solutions Considered

Before choosing, we also evaluated Fortify, IBM AppScan, Veracode, etc.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

Orlee Gillis
Consultant

Hi Joe,

Given that you've continued to successfully use Checkmarx for an extended period of time since you contributed to our discussion that compares the solution to Veracode, how does your experience compare one year later?

(See the discussion thread here:
https://www.itcentralstation.com/questions/checkmarx-or-veracode-which-should-we-choose)

Looking forward to your feedback.
