Checkmarx Reviews

Robert V. Jones
Real User
Founder at a tech company with 51-200 employees
Featured Review

What is most valuable?

The ability to identify a vulnerability, the optimal place for remediation and the correct syntax is very valuable....

How has it helped my organization?

The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the...

What needs improvement?

The product can be improved by continuing to expand the application languages and frameworks that can be scanned for...

What's my experience with pricing, setup cost, and licensing?

The product licensing offers the flexibility to cover a wide range of environments. The pricing is competitive and...

Which solutions did we use previously?

I did not previously use a different solution.

What other advice do I have?

The Checkmarx CxSuite product works well, delivers efficiency to the SDLC, and most important of all, it effectively...
Gustavo_Gonzalez
Real User
Technical Program Manager at an engineering company with 10,001+ employees
Feb 26 2017

What is most valuable?

* The export feature and presentation of the results.
* The ability to track the vulnerabilities inside the code...

How has it helped my organization?

For manual code testing, Checkmarx has been very helpful discarding false positives, filtering and removing a lot of...

What needs improvement?

The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as...

What's my experience with pricing, setup cost, and licensing?

Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning...

Which solutions did we use previously?

I used to work mostly on checking the source code manually, and estimated the time of completion counting the lines of...

What other advice do I have?

I recommend to have a live session with the marketing team, to have a demo and to track all your doubts before...
Anindita Srivastava
Real User
Senior Manager at a financial services firm
Feb 23 2017

What is most valuable?

Scan reviews can occur during the development lifecycle.

How has it helped my organization?

It moved our organization towards being agile vs. waterfall.

What needs improvement?

The areas in which this product needs to improve are:
* C, C++, VB and T-SQL are not supported by this product....

What's my experience with pricing, setup cost, and licensing?

The license has vague language around P1 issues and the associated support. Make sure to review these in order to...

Which solutions did we use previously?

Previously, we were using a different solution. We were leveraging multiple tools since we have code in multiple...

What other advice do I have?

The product is not mature and ready for the enterprise usage yet. It is okay to use it when the support expectations...
Reviewer59103
Consultant
Software Engineer at a tech services company with 10,001+ employees
Jan 22 2018

What is most valuable?

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so...

How has it helped my organization?

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source-code,...

What needs improvement?

I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any...

What's my experience with pricing, setup cost, and licensing?

We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code...

Which solutions did we use previously?

None. I started with this product.

What other advice do I have?

Before implementing the product I would evaluate if it is really necessary to scan so many different languages and...
Anonymous User
Consultant
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees
Feb 23 2017

What is most valuable?

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application....

How has it helped my organization?

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation...

What needs improvement?

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These...

What's my experience with pricing, setup cost, and licensing?

It is a good product but a little overpriced.

Which solutions did we use previously?

I am not aware of any previous solutions.

What other advice do I have?

Better to look out for other products available in the market as well.
Anonymous User
Consultant
SRE Vice Group Manager at a tech services company with 1,001-5,000 employees
Jan 25 2017

What is most valuable?

The solution allows us to create custom rules for code checks. Without custom rules, the system couldn’t find anything serious in the custom...

How has it helped my organization?

During the trial period, we tried to build automated security development lifecycles with this product and with other products. We have achieved...

What needs improvement?

The main issue was the supported Windows OS for the installation. Windows is not appropriate for a big internet company’s infrastructure....

What's my experience with pricing, setup cost, and licensing?

The pricing was not very good. This is just a framework which shouldn’t cost so much. The product comes with very strange licensing options....

Which solutions did we use previously?

We are using other tools along with this solution.
Nabil Khlifi
Consultant
SAP FIORI / HCP Consultant at Silveo
Mar 06 2017

What is most valuable?

* Performs security checks for SAP Fiori applications
* Helps us check vulnerabilities in our SAP Fiori application
* Easy to use and master
* ...

How has it helped my organization?

This product helps us to deliver good quality software.

What needs improvement?

I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service....

Which solutions did we use previously?

We haven't used anything else. This is our first solution.

What other advice do I have?

It is a good tool. I recommend it in order to ensure software quality.
JohanSoula
Real User
Head of the Application Security Division at a financial services firm with 5,001-10,000 employees
Jun 29 2017

What is most valuable?

Valuable features include:
* Both automatic and manual code review (CxQL).
* The languages covered by the solution.

How has it helped my organization?

After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers....

What needs improvement?

Integration into the SDLC (i.e. support for last version of SonarQube) could be added.

What's my experience with pricing, setup cost, and licensing?

Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it...

Which solutions did we use previously?

We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving...

What other advice do I have?

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.
Yafes Duygulutuna
Real User
Sr. Security Engineer at SugarCRM
Jul 04 2017

What is most valuable?

Vulnerability details part.

How has it helped my organization?

* Put the vulnerability details area on the right side of the application or it may be changeable
* Save and reset...

What needs improvement?

* Vulnerability details: Reduce false positive results and improve it by providing more details how I can resolve the...

What's my experience with pricing, setup cost, and licensing?

We don't have any specific advice about these issues.

Which solutions did we use previously?

We were using Fortify. Its software capability was limited in terms of mobile code scanning.

What other advice do I have?

I don't like the latest license update. I can't set a limit for the reviewer account.

What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
