Checkmarx One Primary Use Case
AS
reviewer2110539
Technical Lead at a computer software company with 10,001+ employees
Our company uses the solution to check the vulnerabilities in our products at the build level. We capture, identify potential issues and fixes, and publish reports on a weekly basis.
We work in the banking industry and have a license for 100 users.
View full review »When something happens in a test, then you need to know why. In many cases, you would have to run a scan and find all the problems, and then hand that off to development and have development go back and rewrite that code. If you had an issue with a particular aspect where you have a limited amount of personnel or knowledgeable personnel, based on the language that an application was written in, well, then you would need some type of assistance in order to rewrite that code in that particular language, with the limited knowledge that developer might have had. I assisted with that and helped with educating the developer on how to write that code. It was a two-pronged effort.
The number one use case would be a failed PEN test. Number two would be, "Hey, we have a waterfall DEV approach to our SDLC today. We want to become more agile around speed and quality of code." That would be the second. The third would be able to provide an appropriate availability of knowledge for training developers in secure coding.
View full review »We are currently using the solution for scanning vulnerabilities.
View full review »Buyer's Guide
Checkmarx One
April 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
PG
Prakash Ganesan
Engineer senior at a hospitality company with 10,001+ employees
Our main uses of this solution are to ensure our required compliance policies are met, and that we are applying best practice.
We mainly use this solution for static comprehension testing.
NH
Naveen Hariharan Vijaya
Security Consultant at IBM Thailand
Whenever a web application needs to be moved into production, a static code analysis or source code review must be done. The analyst runs several tools on the web application and collects details. Completing a source code review for a particular application will take around five working days.
Since we moved to Checkmarx, it has reduced the time significantly. Usually, we get the report within a day. It lists all the critical vulnerabilities and provides remediation. We provide suggestions to the customers and the project owners to fix the loopholes immediately so that we can move to production. Sometimes, the life cycle is reduced from five days to one day.
MH
reviewer1523667
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
One use case is when a development team finishes, or even in the middle of, development. They run Checkmarx, which shows potential vulnerabilities. If they don't understand something, they consult with me.
I explain what Checkmarx is highlighting, why it's "shouting" as we say, the specific vulnerability, and the problem it found in the code. Then, together, we explore the code and decide if it's a valid issue requiring a fix.
We also discuss how to fix it, or if it's a false positive because, in their environment, the problem either cannot exist or doesn't exist in the way they use their software.
We also have another use case. When a software company, like an integration company, does a project for us, we request them to run their code through Checkmarx. If they don't have their own tool, we run it on our Checkmarx and provide them with the report. We request, or rather insist, that they fix most, if not all, of the problems Checkmarx finds.
These might be issues they didn't consider, but we put it in the contract that they have to submit their software to a "code check," meaning they can use Checkmarx or another approved tool. If they don't have a tool or refuse, then it's okay. The key is to have it in the contract and signed.
Otherwise, fixing the software later becomes difficult, especially when the project is nearing completion. That's why we do it when the integration begins, so there's still time to address the issues. If you wait until the very end, it's too late.
View full review »RZ
Ruihan Zhu
Senior Engineer at a computer software company with 5,001-10,000 employees
It is used for scanning for some other purposes. We needed Checkmarx to figure out some OS top ten issues in the codec.
View full review »VY
reviewer1410597
Vice President Of Technology at a computer software company with 5,001-10,000 employees
We primarily use Checkmarx for application security and tracking.
View full review »JD
reviewer1711191
Cybersecurity at a transportation company with 1,001-5,000 employees
I am using it for software assurance focused on security. I am using its latest version.
View full review »MH
reviewer1523667
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
Checkmarx is used to check the code from programmers and vulnerabilities in third-party software.
Checkmarx can be deployed on the cloud and on-premise. However, it depends on the version.
View full review »We primarily use Checkmarx for assessing vulnerabilities in applications.
RB
reviewer1171554
Senior Engineer at a tech vendor with 10,001+ employees
We use Checkmarx as a code analysis tool.
View full review »We use the solution for SAST and DAST testing.
View full review »Checkmarx is a source code application for development, which means from the source code level, you can use Checkmarx to detect your coding errors, and to detect vulnerabilities that could have come from the different tools that you were using to develop your application. At the source code level, you can prevent the weaknesses that the application can carry on the journey of its development and use.
Checkmarx helps the users to have a secure coding environment and experience, and a secure source code level of application. That main application can leverage or improve the service delivery to customers.
View full review »JG
reviewer1797681
Techincal Lead of Developers at a government with 10,001+ employees
We mainly use Checkmarx for accreditation, checking for vulnerabilities, and identifying areas in the code to fix some of the NIST 800 security controls.
View full review »DR
Don Robbins
Software Configuration Manager at a tech vendor with 501-1,000 employees
The primary use that we have for Checkmarx is the evaluation of source code vulnerabilities.
We use Git to connect to Checkmarx. We don't use GitHub. We use our own self-hosted Git. We're just using generic Git. One of the biggest thorns in our side is managing that aspect of it. It wouldn't matter if it was GitHub or Bitbucket or any of the other tools that you can use to connect Git to Checkmarx. The issue is the same.
The tool is good at telling us what repository we're connected to, but it is horrible in telling us what branch we're connected to.
MD
Milind Dharmadhikari
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
My team uses this product extensively for application vulnerability assessment. This solution is for static application security testing and is used within our software development process.
As the software developers are creating solutions, they are able to identify vulnerabilities while the application is being written, rather than after the entire development is over.
We were interested in having the raw source code scanned, so that was the primary requirement and that is where Checkmarx comes in. We do not need any precompiled libraries, or compiled source code, to be checked by the source code analysis solution.
We have a security team that uses this product to scan source code, rather than have the developers handle it. We do not have any developer licenses (i.e. the SDLC Edition). Instead, the security team identifies the vulnerabilities and shares the report with the development team.
VT
reviewer1534434
System Engineer at a tech vendor with 10,001+ employees
We use the solution on a developing project. Before we bring the code to production, we have to ensure its quality, and we use this solution.
View full review »We are using Checkmarx for analyzing threats.
We are not using the latest version of Checkmarx because we faced some issues.
View full review »We use this solution to check our systems for any vulnerabilities in our applications. Currently, I'm working on a banking tool, which is aligned with the menu. Our system was created 30 years ago and still is running in the market and doing well. However, currently, there are so many changes happening. Any solution coming into the technology needs to have a security check to ensure everything is safe.
View full review »AK
Andrew KPOBI
Java Developer at a security firm with 51-200 employees
We use the product for static code analysis, supply chain, and container security.
View full review »ŁR
reviewer1477026
Solution Manager at a computer software company with 201-500 employees
We're more evaluating the solution rather than using it right now. We're resellers and it's something we'd like to offer to our clients.
View full review »MG
reviewer1479747
Senior Manager at a manufacturing company with 10,001+ employees
We use Checkmarx for security vulnerability identification. We are using its latest version. We have a license to upgrade to the latest version. Whenever there is a new version, we update it to the latest version.
View full review »We use the solution for dynamic application testing.
View full review »RO
CyberSecAn08987
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
Our primary use case for this solution is SAST, Static Application Security Testing.
View full review »EK
reviewer1192836
Director of consultory at a non-tech company with 1,001-5,000 employees
We onboard clients with the solution. We install the product and do the first scan with them. We help developers with security and the best practices with their applications with this solution.
MC
reviewer1355637
Director at a tech services company with 11-50 employees
We're selling their licenses and their technologies. We have on-premises and cloud deployments. Its deployment depends on the customer requirements.
It is used for a range of requirements for DevSecOps. It has been deployed to ensure that the development cycle delivers clean and secure code that is vulnerability-free. It is there as a part of the whole compliance and security process.
View full review »AR
Antoine Rime
Cyber Security Consultant at a computer software company with 5,001-10,000 employees
We primarily use the solution for static analysis.
View full review »I am in charge of application security and Checkmarx is one of the products that I use in this capacity. We use this product for code scanning and static code analysis.
View full review »We use the solution for our international customers.
View full review »VS
reviewer1398084
Procurement Analyst at a pharma/biotech company with 10,001+ employees
We use the solution for scanning the code for security.
View full review »I am the founder and the chairman of an internationally certified cybersecurity research lab. I have a Ph.D. in cryptology and network security.
We are a strategic partner of Checkmarx. Our job is to help them develop solutions. Currently, we are developing some algorithms and strategic solutions for them. Checkmarx informs us about what is happening, in advance, before they launch a product. We are also one of their testers.
View full review »DK
Deepak Kamra
Vice President at Arisglobal Software Pvt Ltd
We are using it for static security scanning and static security testing. We also use it for code dependency analysis. We use two of the solution's tools for each variable.
View full review »MM
reviewer971370
CEO at a tech services company with 11-50 employees
The primary use case is for a white-box penetration testing security. When we work with source code, it's a tool to help us conduct a deep analysis on a source code level.
We push the zip file with source code to our own stent with the solution and receive a report. Also, we work with the interface to find the vulnerabilities we may have.
The most popular projects for us are the mobile application security assessment. We propose this option to our customers to check source code for iOS and Android mobile applications.
View full review »TD
reviewer1415661
General Manager at a consultancy with 51-200 employees
We use Checkmarx for static analysis as part of our software development lifecycle. It is very important because it helps us identify the security flaws in the code at a very early stage. Ultimately, this helps in reducing costs.
View full review »Checkmarx is used for application security, we can detect the stability and other details on how to fix issues.
View full review »YB
reviewer932058
AVP, aPaaS Engineer at a financial services firm with 10,001+ employees
We are using Checkmarx for application code scanning, such as scanning for different leverages in the application code.
View full review »SB
Samuel Baguma
Senior Security Engineer at a pharma/biotech company with 501-1,000 employees
When I had an issue that was causing trouble in my code, I would upload it to Checkmarx to perform static code analysis. I would then study the reports.
View full review »EB
EduardoBeltran
Director and Co-Founder at Ushiro-tec
We use Checkmarx to review the source code for the external applications that we expose to the cloud or other servers on the internet.
View full review »AN
reviewer1646475
Senior Cybersecurity Solution Architect at a computer software company with 51-200 employees
Checkmarx is used only for static application security testing (SAST), and it can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.
View full review »JB
reviewer1002378
Principal Software Engineer; Practice Lead at a comms service provider with 10,001+ employees
Code scan. We performed periodic static code scans on copies of our Git repository to identify possible vulnerabilities.
View full review »RG
reviewer1521882
Information Security Architect at a tech services company with 1,001-5,000 employees
We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.
View full review »AS
Ankur Sood
Technical Architect at Photon Interactive
I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences.
View full review »SD
Bus432Anly
Business Analyst at a tech services company with 201-500 employees
Our primary use case solution is for code scanning.
View full review »KN
reviewer1108275
Security at a tech services company with 51-200 employees
We use it for code scanning and security testing for our in-house application development. We are using its latest version.
View full review »We use Checkmarx for scanning our source code.
View full review »Buyer's Guide
Checkmarx One
April 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.