Checkmarx One Other Advice

AS
Technical Lead at a computer software company with 10,001+ employees

I rate the solution a seven out of ten. 

Rohit Kesharwani - PeerSpot reviewer
Manager, Engineering at 7-Eleven.

We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmarx has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed.

The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code.

Overall, I rate Checkmarx a nine out of ten.

ScottDenton - PeerSpot reviewer
Senior regional manager at AppDome

I’d rate the solution eight out of ten based on ease of use, configuration, customer service, and response time. There are other products out there that are provided as a service where they will go, and you push a button, they collect the data, they review the data, yet there's no specific standard license agreement or SLA that says they're supposed to get back to you within a particular moment of time. Everything that Checkmarx does is instantaneous.

Buyer's Guide
Checkmarx One
April 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.
Souhardyya Biswas - PeerSpot reviewer
Software Engineer at a manufacturing company with 10,001+ employees

Right now, we are partners.

We have the solution deployed in the cloud and on-premises. It's a hybrid setup.

I'd rate the solution seven out of ten.

I'd recommend the product to other users. 

PG
Engineer senior at a hospitality company with 10,001+ employees

We would recommend that organizations considering this solution think about the size of the project involved, as this product works best with very small-scale applications.

I would rate this solution a seven out of ten.

KannanPadmanabhan - PeerSpot reviewer
Senior Software Engineering Manager at a financial services firm with 10,001+ employees

I rate this solution an eight out of ten. I would recommend going for a piloting approach. With Checkmarx, you have different presets and can determine the security vulnerability standard. Also, check the stability before proceeding with the adoption.

San K - PeerSpot reviewer
Senior Group Leader at Infosys

I rate Checkmarx eight out of 10. It's secure, easy to use, and Checkmarx regularly updates their rule sets. I'm happy with the main features of the product, but some of the additional features didn't work for us in the beginning, like scanning at the source code repository level, reporting, etc. There was a lot of back and forth before it started working, so that's why I deducted two points.

My advice for future Checkmarx users is to plan the initial deployment well. You will have to choose the right system configuration: CPUs, RAM, disk space, and backup policy. If you plan ahead, you won't have any issues trying to debug or when the size increases. 

GG
Technical Program Manager at an engineering company with 10,001+ employees

I recommend having a live session with the marketing team, to have a demo and to track all your doubts before purchasing. Checkmarx is a powerful tool but you need to be sure what you are using, and what it is for. You could use just 20% of what the tool can do, and therefore waste your money. So either fully learn how to use it and evaluate if it’s the right scanning tool to have, or go for a better and cheaper option.

NH
Security Consultant at IBM Thailand

If someone has too many applications, they can directly integrate Checkmarx into the CI/CD pipeline. We got the license and are running the solution for our customers. We do not charge our customers for the solution. Overall, I rate the product an eight out of ten.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

I would definitely recommend it. It's an excellent solution.  

Overall, I would rate the solution a nine out of ten because there is always room for improvement. 

Checkmarx could perhaps give more examples of solutions in the reports. It's very good, but sometimes the solutions they give are not necessarily relevant to the code or how it's written. 

So, Checkmarx should give more examples of solutions. Although, it's not that bad because they give a few, one or two. And if you want more, you can look online. But it would help if they could refine it and give additional options for solutions.

RZ
Senior Engineer at a computer software company with 5,001-10,000 employees

Overall, I would rate the solution a three out of ten. 

Marcelo Carrasco - PeerSpot reviewer
Security Architect at a financial services firm with 5,001-10,000 employees

We have two administrators who coordinate maintenance with the vendor.

My advice is that you need to estimate the right amount of licenses. That's very important because right now, our company needs more licenses, and that was not well estimated at the beginning. The other thing is to be clear about the features of this tool that you want or need.

I would rate this solution as a nine out of ten. 

VY
Vice President Of Technology at a computer software company with 5,001-10,000 employees

Overall, we are very satisfied with Checkmarx and it is a product that I recommend.

I would rate this solution an eight out of ten.

JD
Cybersecurity at a transportation company with 1,001-5,000 employees

I would rate it a seven out of ten. It's not the best tool on the market, but it provides some good capability for what it is.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

We have one person for the maintenance of the solution but it is minimal and is not a full-time job.

I would advise others to ask for a demo of the solution and if it works well for their use case then purchase it.

I rate Checkmarx a nine out of ten.

Rajiv - PeerSpot reviewer
Practice Lead - Cyber Security at a tech vendor with 10,001+ employees

My company is in the service business, so it provides services to customers. For example, the customer uses SonarQube, so my company uses the same tool to execute vulnerability assessments.

I've worked on Checkmarx, NetSuite, Acunetix, and other application security tools used by customers.

My rating for Checkmarx is eight out of ten because it's a good product, and its only con is the cost, which is high for some customers.

I recommend Checkmarx to others because of its performance. The tool has better intelligent outcomes, and Checkmarx has better automation internally.

My company is a Checkmarx customer.

RB
Senior Engineer at a tech vendor with 10,001+ employees

My advice to others is that Checkmarx is good compared to the other tools. However, they are all comparable; it depends on what languages they want to scan. Overall, Checkmarx is a decent solution. It would be a good idea to test other solutions.

I rate Checkmarx

Rahul Mane - PeerSpot reviewer
Head of DevOps at Tpconnects technologies

I would rate the solution an eight out of ten since it fulfills most of the requirements. I recommend this tool to anyone who is willing to give it a try.

Peter Ejiofor - PeerSpot reviewer
Chief Executive Officer at Ethnos ITSolutions

I strongly recommend Checkmarx to others. I have sold the solution for nearly eight years, and I'm not aware of any major complaints that the users have that could not be resolved.

I rate Checkmarx an eight out of ten.

The Checkmarx application is a live wire of technology delivery, and if your application is vulnerable, then the asset that your acquisition will run will also suffer vulnerability. Providing the scanning ability that shows the errors at the source code level is critical to have effective development of any critical application.

I would recommend Checkmarx eight because it's very critical and integral to the improvement of technology and cyber security today. It's a critical tool in protecting cyberspace, your asset in cyberspace, and an application that runs nearly all human life today. Everything is driven by technology and application.

JG
Technical Lead of Developers at a government with 10,001+ employees

Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network. I'd rate Checkmarx as seven out of ten.

DR
Software Configuration Manager at a tech vendor with 501-1,000 employees

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report on vulnerabilities in the user experience. 

I would rate Checkmarx with an eight on the user side and a five on the admin side.

Customers need to work with Checkmarx to scale the system for their needs, i.e. work with their recommendations. The best practices that they have there. 

They have this formula to calculate how many CPUs and how much memory you need. The memory requirements are huge. We've got 64 GB machines to scan them.

That's the low end of what they're recommending. Their processes do a lot of number crunching in memory. For a 4 million line code base, it's just going to consume a lot of time and a lot of resources. 

We are only using the source code scanner. We're not using the OSS scanner. We use Artifactory for our OSS repository, and Artifactory comes with its own built-in OSS scanner. We didn't need two OSS scanners.

MD
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any organization spending money on a subscription license should not look at it as a cost, rather, it should be seen as an investment. The Checkmarx solution can act as a resource that can help the development team to secure their application delivery. Be it an internal application for their own use, or applications being written for their customers.

This solution tells us where, in our code, the "best-fix location" is. To put this into perspective, consider a particular piece of code where there are ten vulnerabilities detected. Perhaps it is an SQL injection vulnerability. This tool gives you specific locations and informs that if you fix the code in certain areas (e.g. in three specific locations) then the subsequent vulnerabilities will automatically be addressed. Therefore, you save on development effort because you do not need to fix all ten vulnerabilities specifically and independently.

I would rate this product a nine out of ten.

VT
System Engineer at a tech vendor with 10,001+ employees

I'm a customer and end-user.

I would recommend the solution to other users. I'd rate the solution eight out of ten. 

Evgen Gulak - PeerSpot reviewer
Head of IT Security Department at an energy/utilities company with 5,001-10,000 employees

The purchase of this solution was a mistake.

I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx.

I rate Checkmarx a four out of ten.

it_user1375824 - PeerSpot reviewer
Technical Lead at a tech services company with 1,001-5,000 employees

I don't recall the exact version of the solution we are using.

I would recommend the solution. I'd rate it eight out of ten.

RJ
Founder at a tech company with 51-200 employees

The Checkmarx CxSuite product works well, delivers efficiency to the SDLC, and most important of all, it effectively improves application security.

It works!

AK
Java Developer at a security firm with 51-200 employees

I rate Checkmarx an eight out of ten.

ŁR
Solution Manager at a computer software company with 201-500 employees

We're resellers, however, we don't have an exclusive relationship with this company. We're looking at other products we can use and offer to our clients as well.

In our company, we do not have the Checkmarx solution running on production. We do have it, however, we only have a learning license, which is non-commercial.

On a scale from one to ten, I would rate this product at an eight. Overall, it's been a positive experience so far.

MG
Senior Manager at a manufacturing company with 10,001+ employees

Even though we run it manually, it captures most of the things. We decided to go with Checkmarx two years ago, and we are continuing with it. 

I would rate Checkmarx a seven out of ten. There are a few things that can be improved in this solution.

Syed Rizwan - PeerSpot reviewer
Cyber Security Engineer at Defa3 cyber security

I would rate the product a ten out of ten. The solution is the best tool for developers and organizations. 

RO
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees

If people are in need of static application security, then I would recommend this product.

I would rate this solution an eight out of ten.

EK
Director of consultory at a non-tech company with 1,001-5,000 employees

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. 

I rate Checkmarx a ten out of ten.

YD
Sr. Security Engineer at SugarCRM

I don't like the latest license update. I can't set a limit for the reviewer account.

MC
Director at a tech services company with 11-50 employees

They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them.

I would rate Checkmarx an eight out of ten.

it_user683181 - PeerSpot reviewer
Security Source Code Analyst at a tech services company with 10,001+ employees

Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications).

AR
Cyber Security Consultant at a computer software company with 5,001-10,000 employees

We're a customer. We use the solution in our organization.

I'm not sure of which version of the solution we're using.

Overall, I'd rate the solution eight out of ten. We've had a pretty positive experience overall.

it_user1263726 - PeerSpot reviewer
Sr. Application Security Manager at a tech services company with 201-500 employees

In summary, this is a good application that you can use to scan every code language. You can configure the scan because they provide the Checkmarx query language. These queries are very good and very flexible. It requires a knowledge of this language but you can reach and deal with it using most languages.

I would rate this solution an eight out of ten.

it_user618132 - PeerSpot reviewer
SAP FIORI / HCP Consultant at Silveo

It is a good tool. I recommend it in order to ensure software quality.

it_user531780 - PeerSpot reviewer
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees

Personally, I recommend Checkmarx for static analysis.

Pasindu Wijesinghe - PeerSpot reviewer
Software Engineer Intern at Connex Information Technologies

I give the solution a nine out of ten.

VS
Procurement Analyst at a pharma/biotech company with 10,001+ employees

I would recommend this solution to others.

I rate Checkmarx a six out of ten.

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D

If you wish to purchase Checkmarx, you should scan the same source code with a different product, compare them to their competition, and make a decision. This way, you can see the difference and understand the benefits of Checkmarx. Test and scan some lines of code in any programming language you wish, then do the same with a competitor. Checkmarx will produce far fewer false-positives compared to any other solution on the market. Other solutions will produce roughly 900 false-positives whereas Checkmarx will cut that number in half. I am not trying to sell this product to you, this is simply the reality of it.

From the technological side, I would give this solution a rating of ten. From a commercial aspect, because it's relatively expensive, I would give it a rating of eight. Overall, because I must choose one number between one and ten, I will give Checkmarx a rating of ten.

Day by day, they are improving this product. For example, one of the most important features missing was open sources, which they have now added. They were also missing code training facilities, but they have added those as well. They have a complimentary product now.

DK
Vice President at Arisglobal Software Pvt Ltd

We're just a customer. We don't have a special relationship with the company.

I would definitely recommend Checkmarx, I find them much more feature-rich than other tools I've used in the past. 

I'd rate the solution eight out of ten.

MM
CEO at a tech services company with 11-50 employees

We are resellers but we are also users of this product when we need to check source code because our main business activity is security assessments, not reselling.

We have many customers who have purchased this solution from our company. One of them is Softcell, a Ukrainian company.

With our approach, we need to find a way to reduce false positives. We don't have great resources to do this work long-term, and we need quick results. There are some projects that have a lot of false positives but we can reduce them by tuning during the scanning. 

Some of our customers like the Codebashing model. It's an additional model for learning for security practice for developers. They ask for additional tests to this model and want to receive the functionality to check the knowledge.

When you receive your product, you should start with testing and understand how it works according to your environment. This includes the language and what framework to choose because it is not a simple solution. You should understand that you should tune it.

The most effective approach is to implement SAST into the SDLC (software development life cycle).

You should regularly check your source code, and check your security before every release. For infrastructure, security testing is not enough. There are several applications and static source code security is a must.

You should choose Checkmarx SAST for security checks and try to optimize its build management or source code repository.

I would rate this solution a nine out of ten.

TD
General Manager at a consultancy with 51-200 employees

Checkmarx is probably one of the best static code analyzers available in the market at this point. It is very easy to deploy, use, and maintain. The amount of maintenance required is pretty low. It is absolutely a good tool that I can recommend.

Checkmarx has added a lot of functionality since we began using it. This includes OSA, the open-source scan, a training module, and run-time protection.

For static code analysis, we are only using Checkmarx and we plan to continue. 

I would rate this solution a nine out of ten.

Le Viet - PeerSpot reviewer
Security Consultant at VNCS

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us.

I rate Checkmarx an eight out of ten.

YB
AVP, aPaaS Engineer at a financial services firm with 10,001+ employees

I rate Checkmarx a nine out of ten.

SB
Senior Security Engineer at a pharma/biotech company with 501-1,000 employees

I would rate this solution a seven out of ten.

EB
Director and Co-Founder at Ushiro-tec

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx.

We are testing the solution in a small local company. Our idea is to expand the use of it to our clients in the West.

In this space, you can have different points of view and if only you are looking for a solution to do a check in your auditory report, then you can choose anyone. 

If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution.

I would rate Checkmarx a nine out of ten because of the price, but technically for me, it is a 10. 

I would rate Checkmarx with a nine because it would be perfect at a more functional level, and could be better at providing these features for parity. 

If you research what Checkmarx is offering in their package distribution, you get exactly what they promise up front, so they are not lying.

EB
Director and Co-Founder at a tech services company with 1-10 employees

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

AN
Senior Cybersecurity Solution Architect at a computer software company with 51-200 employees

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

it_user598917 - PeerSpot reviewer
Senior Manager at a financial services firm

The product is not mature and ready for enterprise usage yet. It is okay to use it when the support expectations are low and the code is in languages that require support only in Java and .NET.

it_user607392 - PeerSpot reviewer
Security test engineer at a tech vendor with 10,001+ employees

Go for it, if you want testing on the code level.

it_user547335 - PeerSpot reviewer
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees

Better to look out for other products available in the market as well.

SD
Business Analyst at a tech services company with 201-500 employees

Be cautious of the one-year subscription date. Once it expires, your price will go up.

KN
Security at a tech services company with 51-200 employees

It has been working well. I would rate it a seven out of 10.

it_user1286010 - PeerSpot reviewer
Senior Software Engineer at a computer software company with 10,001+ employees

This is a product that I recommend and I would rate it a seven out of ten.

it_user538254 - PeerSpot reviewer
Assistant Manager Business Development at a tech services company with 501-1,000 employees
it_user692304 - PeerSpot reviewer
Responsable du Pôle Sécurité des Applications at a tech company with 51-200 employees

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.
