What is our primary use case?
We use a classic cloud service, but from a vendor, so we have a private cloud deployment. In the future, we may switch to an on-premises solution.
What is most valuable?
This solution has an interactive approach that allows you to quickly receive basic knowledge about vulnerabilities and how they should be fixed. It is easy to understand how it works, and how things should be fixed. Everything is in one place.
This product will integrate well with a socket solution. When a vulnerability is detected, you can redirect to CodeBaching, which is very useful.
This solution is very comfortable for developers, even at the junior level.
What needs improvement?
We would like to be able to add our own lessons to the platform because right now we can't add our own information. It would be helpful to create a "lesson platform", for example.
It would be helpful if the solution included tests or exams that would allow you to study, for example, all Java vulnerabilities, and then afterward test your knowledge. This is a typical functionality for learning platforms.
I would like to see more integration with other educational platforms. They have a good start because it integrates well with their own solutions.
For how long have I used the solution?
I have been using this solution for about eighteen months.
What do I think about the stability of the solution?
This is a stable solution. We have never had a situation where we could not connect to the vendor's cloud.
What do I think about the scalability of the solution?
We currently have three users, and they are experts in information security.
How are customer service and technical support?
We have not needed to contact technical support for this solution because everything is clear. We have dealt with the same vendor for other solutions and they have a very quick response. They also have Russian speakers available.
If you previously used a different solution, which one did you use and why did you switch?
Some of our customers used their own products before switching to Codebashing.
We just used documentation and materials from other languages, but it is not as comfortable. In Codebashing, you have one solution for all languages. Previously, we needed to find something for Java, and then something for C, then try to understand what might be a good description and come up with an example. We spent a lot of time on this process.
How was the initial setup?
The initial setup of this solution is very easy. Checkmarx has very good instructions and user manuals, so there are not many problems when it comes to installing and configuring their products.
What about the implementation team?
We deployed this solution with our in-house engineers. There is a lot of technical documentation on the Checkmarx Wikibase, and it's an open base. There are very good examples with screenshots and step-by-step instructions.
Which other solutions did I evaluate?
We did not evaluate other solutions before choosing this one.
What other advice do I have?
This is a solution that I recommend to people who have a Checkmarx socket implementation because it is good to have a platform with this training program included. Otherwise, it depends on the customer. If they have a lot of their own code development then training is needed. However, in some cases, where they have good experts with a lot of knowledge, then their own experts can teach the staff.
For companies that do not have information security experts available for training, then this is a very good platform to have because it has very clear and quick lessons.
This product is good and it is reliable.
I would rate this solution a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.