Checkmarx Software Composition Analysis Review

A solid, stable, and easy-to-deploy solution that allows you to incorporate it into a CI/CD pipeline and has the ability to do incremental scans


What is our primary use case?

We use it for scanning .NET and Java applications. We are using its latest version.

What is most valuable?

One of the strong points of this solution is that it allows you to incorporate it into a CI/CD pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good.

It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely.

What needs improvement?

Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive.

It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx.

For how long have I used the solution?

I have been using this solution for maybe three months.

What do I think about the stability of the solution?

It is still in the early stages, but it is performing as expected. It has been very solid and stable. We haven't had any problems with it. We've used it against maybe a dozen projects. We might have done a hundred scans.

How are customer service and technical support?

They provided some technical support during the installation. They clarified some questions and were very responsive.

How was the initial setup?

The initial setup was straightforward. It took maybe three to five days.

What about the implementation team?

It was implemented in-house.

What's my experience with pricing, setup cost, and licensing?

It is a little bit high priced. It would be better if it was a little less expensive.

What other advice do I have?

I would rate Checkmarx Software Composition Analysis a nine out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
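The reviewer's main point is that the first scan of a large application is slow, while follow-up scans only look at the delta. The script below is an added illustration of how that kind of incremental SCA pass works in principle; it is not Checkmarx code and says nothing about how Checkmarx implements its scans. It assumes a simplified pinned-dependency manifest (one `name==version` per line) and a small constructed advisory table keyed by (name, version); the advisory IDs are placeholders, not real vulnerabilities.

```python
"""Incremental SCA pass: only dependencies whose name/version changed since
the last scan are re-checked; unchanged ones keep the findings from the
previous scan. Added example, not Checkmarx's own implementation."""
from dataclasses import dataclass, field

# Constructed, hypothetical advisory table: (package, version) -> advisory IDs.
ADVISORIES = {
    ("alpha", "1.0.0"): ["ADV-0001"],
    ("beta", "2.2.0"): ["ADV-0002"],
    ("delta", "3.0.0"): ["ADV-0003"],
}


def parse_manifest(text):
    """Parse a simplified 'name==version' lock file into {name: version}.
    Rejects unpinned lines, since a delta can only be computed on exact pins."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not name.strip() or not version.strip():
            raise ValueError(f"unpinned or malformed line: {raw!r}")
        deps[name.strip()] = version.strip()
    return deps


@dataclass
class Delta:
    added: dict = field(default_factory=dict)    # name -> version, new since last scan
    changed: dict = field(default_factory=dict)  # name -> new version, bumped since last scan
    removed: set = field(default_factory=set)    # names no longer present


def compute_delta(prev, curr):
    """Compare two parsed manifests and classify every difference."""
    d = Delta()
    for name, version in curr.items():
        if name not in prev:
            d.added[name] = version
        elif prev[name] != version:
            d.changed[name] = version
    d.removed = set(prev) - set(curr)
    return d


@dataclass
class ScanResult:
    findings: dict  # name -> list of advisory IDs
    lookups: int    # number of (name, version) pairs actually checked


def full_scan(curr, advisories=ADVISORIES):
    """Baseline scan: every dependency is looked up."""
    findings = {}
    for name, version in curr.items():
        hits = advisories.get((name, version), [])
        if hits:
            findings[name] = list(hits)
    return ScanResult(findings, len(curr))


def incremental_scan(prev_result, prev, curr, advisories=ADVISORIES):
    """Delta scan: carry forward findings for untouched dependencies, drop
    findings for removed ones, and look up only added/changed pairs."""
    delta = compute_delta(prev, curr)
    findings = {
        name: list(ids)
        for name, ids in prev_result.findings.items()
        if name not in delta.removed and name not in delta.changed
    }
    to_check = {**delta.added, **delta.changed}
    for name, version in to_check.items():
        hits = advisories.get((name, version), [])
        if hits:
            findings[name] = list(hits)
    return ScanResult(findings, len(to_check))


if __name__ == "__main__":
    # Constructed sample manifests: the second bumps beta, adds delta, drops gamma.
    prev = parse_manifest("alpha==1.0.0\nbeta==2.1.0\ngamma==0.9.0")
    curr = parse_manifest("alpha==1.0.0\nbeta==2.2.0\ndelta==3.0.0  # new")
    base = full_scan(prev)
    inc = incremental_scan(base, prev, curr)
    print("baseline lookups:", base.lookups, "incremental lookups:", inc.lookups)
    print("findings:", inc.findings)
```

The shortcut that makes the delta pass fast (carrying forward old findings for unchanged components) is only sound while the advisory data is the same as it was at the previous scan. When the vulnerability database is updated, unchanged components can acquire new findings, so a pipeline built on incremental scans still needs a periodic full rescan, or a re-check of unchanged components against advisories published since the baseline.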
Updated: June 2021.