Checkmarx One Reviews

Now we have information about which specific sections have to be fixed. We can now remove the issue from most of the sections.

The solution communicates where to fix the issue for the purpose of less iterations.

The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of 8/10.

We switched solutions due to the client's requirements.

I faced a few issues in the installation due to my local policies. The customer support was very helpful.

We looked at other tools, such as HPE Security and ZAP solutions.

Go for it, if you want testing on the code level.

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation which makes the application secure including information issues which might get neglected with a manual code review process.

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It therefore makes it easier to identify these as well as fix them.

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These descriptions are just a click away. Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.

We have not yet encountered any stability issues.

The solution provides high scalability. I am not sure about the limit of scans but it is sufficiently high. However, the issues which we faced were related to database backup. Unfortunately, Checkmarx doesn't do any automated backups which is quite inconvenient.

I would rate the technical support as average. We never had to communicate much with the technical team but based on my knowledge the response from their end was delayed.

I am not aware of any previous solutions.

The setup was straightforward.

It is a good product but a little overpriced.

I don't have much idea about other options since the organization had already purchased the product before I joined.

Better to look out for other products available in the market as well.

They're all as valuable as each other.

We have used this product to verify the dev department's code in order to minimize security holes.

It needs better role management.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

It's very good.

It's very good.

This is the only solution I have used.

Very straightforward.

I implemented it myself.

Licensing is expensive per X amount of lines in the code.

No other options were evaluated.

Our primary use case solution is for code scanning.

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

The most valuable features are:

• Ease of use
• Dashboard
• Interface
• Report

I have not had an issue with stability of the product.

There have been no issues with scalability that I am aware of.

I have not needed the use of technical support.

Previously, we considered: Veracode, SonarQube, Fortify and IBM Security AppScan.

I was not involved in the initial setup of the solution.

One should consider:

• Visual studio
• Report generation
• If the solution can be on-prem
• Pricing

It is an expensive solution.

Be cautious of the one-year subscription date. Once it expires, your price will go up.

During the trial period, we tried to build automated security development lifecycles with this product and with other products. We have achieved partial success with this.

The solution allows us to create custom rules for code checks. Without custom rules, the system couldn’t find anything serious in the custom code and libraries.

The main issue was the supported Windows OS for the installation. Windows is not appropriate for a big internet company’s infrastructure. Supporting a Windows machine, especially for this software, is inconvenient.

This product requires you to create your own rulesets. You have to do a lot of customization. The default rules do not work very well. In addition, it is impossible to analyze code with dynamic dependencies.

There were no problems with stability. The application was stable in our test cases.

There were no scalability issues, but keep in mind that our version can only scale on one server.

There is very good technical support. We have the support of two onsite engineers.

We are using other tools along with this solution.

The setup was simple. It mostly involved clicking the “Next” button in the Windows installer.

The pricing was not very good. This is just a framework which shouldn’t cost so much.

The product comes with very strange licensing options. They don’t let you exclude workplace licenses, which are useless for building automated systems.

It provides a graphical view of any vulnerabilities.

I have used it as a consultant.

It could be improved with more reporting of false positives and the understanding of file references.

I've used it for one year.

No issues encountered.

No issues encountered.

One needs to be sure on the number of LOC that will be run and also the size of the code.

8/10.

8/10.

I have used Armorize codesecure.

It's a straightforward deployment, and it learns with time.

I implement it.

It provides us with code analysis.

It helps with vulnerability scanning of codes to prevent vulnerability of our applications.

I've used it for one year.

No issues encountered.

Straight forward. Easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises

It was straightforward, as it has easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises.

The license is fairly costly but worth the investment.

We use it for code scanning and security testing for our in-house application development. We are using its latest version.

Apart from software scanning, software composition scanning is valuable.

Its user interface could be improved and made more friendly. 

When we change a window, the session times out, and we have to log in again. It can be improved from this aspect.

I have been using this solution for about one year.

It has been stable during our work.

We don't have so many applications. So, I have no idea about its scalability. It is enough for our work at the moment, and we have not had any problem with its scalability.

In our team, we have about 10 users.

We are just users of this solution. There is another team that interacts with them. They get technical support from the vendor on this. 

In my previous company, I used SonarQube. In my opinion, Checkmarx gives better results, and its protection is better than SonarQube.

Another team takes care of its deployment. We are just users. We just log into the server and use it for scanning.

It has been working well. I would rate it a seven out of 10.