it_user1286010 - PeerSpot reviewer
Senior Software Engineer at a computer software company with 10,001+ employees
Real User
Simple to use interface, but it needs to have support for more languages
Pros and Cons
  • "The most valuable feature is the simple user interface."
  • "I would like to see the rate of false positives reduced."

What is our primary use case?

We use Checkmarx for scanning our source code.

What is most valuable?

The most valuable feature is the simple user interface.

What needs improvement?

I would like to see the rate of false positives reduced.

Checkmarx needs support for more languages, including COBOL.

What do I think about the stability of the solution?

The stability is fine.

Buyer's Guide
Checkmarx One
May 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,662 professionals have used our research since 2012.

How are customer service and support?

I have not been in contact with technical support.

What other advice do I have?

This is a product that I recommend and I would rate it a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user538254 - PeerSpot reviewer
Assistant Manager Business Development at a tech services company with 501-1,000 employees
Consultant
It offers comprehensive and incremental scanning, and supports all major languages.
Pros and Cons
  • "Fewer false positive errors as compared to any other solution."
  • "Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."

How has it helped my organization?

As an InfoSec consulting company, we come across major challenging projects. Checkmarx has made life easy and my team is best at using it. It reduces manual efforts in using test cases against any vulnerability found during source code reviews. Apart from OWASP Top Ten, Checkmarx is quite intelligent to find the latest vulnerability and report it.

What is most valuable?

Some valuable features of this product are:

  • Very comprehensive scanning
  • Fewer false positive errors as compared to any other solution
  • Incremental scanning
  • Supports all major languages

What needs improvement?

Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.

What do I think about the stability of the solution?

I have not encountered any stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

I have never used technical support, so I can't comment. We ourselves are experts at it.

Which solution did I use previously and why did I switch?

We have used no other product.

How was the initial setup?

The setup process was simple.

What's my experience with pricing, setup cost, and licensing?

It is the right price for quality delivery.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this product.

What other advice do I have?

Go for it.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're the primary resellers of the product in India and Middle East region.
it_user692304 - PeerSpot reviewer
Head of the Application Security Unit at a tech company with 51-200 employees
Vendor
Both automatic and manual code review are possible. We can set up proper reports of code vulnerability.
Pros and Cons
  • "Both automatic and manual code review (CxQL) are valuable."
  • "Integration into the SDLC (i.e. support for last version of SonarQube) could be added."

How has it helped my organization?

After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers.

Security can be part of the SDLC and reduce the cost of vulnerability remediation. Also, we got faster remediation times for high and critical vulnerabilities.

What is most valuable?

Valuable features include:

  • Both automatic and manual code review (CxQL).
  • The languages covered by the solution.

What needs improvement?

Integration into the SDLC (i.e. support for last version of SonarQube) could be added.

What do I think about the stability of the solution?

We had to lock the number of CPUs used to not crash the Checkmarx Audit.

What do I think about the scalability of the solution?

We haven’t had scalability issues yet.

How are customer service and technical support?

Professional service is really good. Support is too formal. Quickly answering "it is not supported" instead of developing a hot fix.

Which solution did I use previously and why did I switch?

We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving the dependencies.

How was the initial setup?

Setup was straightforward, but quickly you need complex fine tuning.

What's my experience with pricing, setup cost, and licensing?

Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it must be configured to match your application.

What other advice do I have?

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.

Disclosure: I am a real user, and this review is based on my own experience and opinions.