Codebashing Review

Good plugins, very scalable, and great for checking code vulnerabilities

What is our primary use case?

We use the solution for scanning the code we develop in Java. We use it to check the code against our glitches, then we mediate them before we push it to the applications and to the server.

What is most valuable?

It helps us to channel our secure application. We get to at least mediate most of the code vulnerabilities before we push it to the servers and it gets up to a level of assurance that the code is secured right. It helps prevent crimes as it makes sure everything is secure and there aren't any loopholes or back doors.

The stability is good.

It's pretty scalable.

There are lots of great plugins available.

What needs improvement?

I've never really considered any improvements as the solution tends to offer the exact feature sets we need.

The configuration could use some improvement.

The user interface could be updated and refreshed. It has the appearance of being very basic.

If you look at the reporting, it only gives you a basic summary and then gives you details of the code and maybe some suggestions. It's not clear on the vulnerabilities per se. It could be more robust.

It would be ideal if we could get an IDE plugin on the solution. That makes it easier when you are developing and when you are writing your code. You can check the vulnerabilities before you actually go for the scan.

For how long have I used the solution?

The solution was already in place before I joined my current organization and therefore the company itself has used it longer than I have. I've been using it for about two years at this point.

What do I think about the stability of the solution?

I haven't experienced any downtime. The stability is quite good. The only thing I experienced is that it doesn't seem to take above 200. If, let's say, the project is above 200 MB, it rejects it. However, it is my understanding that it is a configuration issue on our side.

What do I think about the scalability of the solution?

It's hard to say how many users are on this solution, as our company runs across many countries. It could be thousands of people across 20+ African countries.

We use it regularly. Once we build an application, a part of the requirements is that we need to pass it through Checkmarx.

It's a shared environment across multiple countries, with the head office being in South Africa.

Now that we've moved to the cloud, I've found it to be very scalable.

How are customer service and technical support?

I've never dealt with technical support. I can't speak to their responsiveness or level of knowledge.

Which solution did I use previously and why did I switch?

It's my understanding that the company used to use SonarQube. 

SonarQube starts right from the IDE and it has a MiFi interface. When the developer is developing they get to see the vulnerabilities from their IDE.

How was the initial setup?

I wasn't present for the initial setup. I don't know if the solution had a straightforward setup or if it was complex in any way.

Our in-house security team handles the maintenance on the solution.

What's my experience with pricing, setup cost, and licensing?

I don't have any information about the pricing of the solution. It's not an aspect that I handle.

What other advice do I have?

We're just customers. We don't have a business relationship with the company.

I'm pretty sure that the company is using the latest version. I didn't really check the version number; however, I think it's the latest.

While we do use a cloud version now, it was previously deployed on-premises.

It is a great solution. It's easy to integrate into and it is very common, very popular, here. Anything you need to do, you can do it on the platform. For example, if you're looking to add it to your CI/CD pipeline, there's a plugin to do that. It's great.

Overall, out of ten, I'd rate it at a nine.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

Disclosure: I am a real user, and this review is based on my own experience and opinions.