Checkmarx Other Advice

Don Robbins
Software Configuration Manager at a tech vendor with 501-1,000 employees
From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report on vulnerabilities in the user experience. I would rate Checkmarx with an eight on the user side and a five on the admin side. Customers need to work with Checkmarx to scale the system for their needs, i.e. work with their recommendations, the best practices that they have there. They have this formula to calculate how many CPUs and how much memory you need. The memory requirements are huge. We've got 64 GB machines to scan them. That's the low end of what they're recommending. Their processes do a lot of number crunching in memory. For a 4 million line code base, it's just going to consume a lot of time and a lot of resources. We are only using the source code scanner. We're not using the OSS scanner. We use Artifactory for our OSS repository, and Artifactory comes with its own built-in OSS scanner. We didn't need two OSS scanners.
Milind Dharmadhikari
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any organization spending money on a subscription license should not look at it as a cost; rather, it should be seen as an investment. The Checkmarx solution can act as a resource that can help the development team to secure their application delivery, be it an internal application for their own use or applications being written for their customers. This solution tells us where, in our code, the "best-fix location" is. To put this into perspective, consider a particular piece of code where there are ten vulnerabilities detected. Perhaps it is an SQL injection vulnerability. This tool gives you specific locations and informs you that if you fix the code in certain areas (e.g. in three specific locations) then the subsequent vulnerabilities will automatically be addressed. Therefore, you save on development effort because you do not need to fix all ten vulnerabilities specifically and independently. I would rate this product a nine out of ten.
EduardoBeltran
Director and Co-Founder at Ushiro-tec
We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are testing the solution in a small local company. Our idea is to expand the use of it to our clients in the West. In this space, you can have different points of view, and if you are only looking for a solution to do a check in your audit report, then you can choose any one. If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution. I would rate Checkmarx a nine out of ten because of the price, but technically for me, it is a 10. I would rate Checkmarx with a nine because it would be perfect at a more functional level, and could be better at providing these features for parity. If you research what Checkmarx is offering in their package distribution, you get exactly what they promise up front, so they are not lying.
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: October 2019.
378,327 professionals have used our research since 2012.
Reviewer59103
Security Source Code Analyst at a tech services company with 10,001+ employees
Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications).
CyberSecAn08987
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
If people are in need of static application security, then I would recommend this product. I would rate this solution an eight out of ten.
Bus432Anly
Business Analyst at a tech services company with 201-500 employees
Be cautious of the one-year subscription date. Once it expires, your price will go up.