Checkmarx Reviews

Filter by:Reset all filters
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Don Robbins
Real User
Software Configuration Manager at a tech vendor with 501-1,000 employees
Jun 19 2019

What is most valuable?

I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.

How has it helped my organization?

I haven't been monitoring how well our projects have been at reducing vulnerabilities. Checkmarx is one that you have to actively follow, and my position doesn't require… more»

What needs improvement?

One of the biggest heartaches that we have is that all of our Windows servers are on an automated upgrade. Whenever Windows upgrades, we lose the order of the ciphers and… more»

What's my experience with pricing, setup cost, and licensing?

I've got 100 licenses for Checkmarx. As people come and go, it's a hassle to add and remove them. In this day and age, it's such a meaningless time-waster.

Which solution did I use previously and why did I switch?

The tool that we were using before was AppScan.

What other advice do I have?

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report… more»

Which other solutions did I evaluate?

We were previously working with Azure. We switched because of their implementation of SQL Server. Checkmarx uses statements to move from database to database. Azure does… more»
Milind Dharmadhikari
Real User
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
May 18 2019

What is most valuable?

There are many features, but first is the fact that it is easy to use, and not complicated. One of the cool features is that it identifies the development technology that… more»

How has it helped my organization?

The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete. As an example, an application may contain… more»

What needs improvement?

The reports are good, but they still need to be improved considering what the UI offers. For example, the UI will suggest the "best-fix location", whereas this information… more»

What's my experience with pricing, setup cost, and licensing?

We have a subscription license that is on a yearly basis, and it's a pretty competitive solution. I don't know of any additional costs, beyond the standard licensing fees… more»

Which solution did I use previously and why did I switch?

I do not have recent, hands-on experience with this tool but, I have used it in the past and my team now uses it extensively. We did not use a tool previous to this one… more»

What other advice do I have?

My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any… more»

Which other solutions did I evaluate?

We evaluated the Fortify Static Code Analyzer and IBM Security AppScan, but our evaluation was not fully completed. We were happy with what we were seeing with Checkmarx… more»
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: February 2020.
398,567 professionals have used our research since 2012.
EduardoBeltran
Real User
Director and Co-Founder at Ushiro-tec
Apr 17 2019

What is most valuable?

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot… more»

How has it helped my organization?

We received two main benefits from Checkmarx: * Better Security * Saving Time I recommend Checkmarx to be sure that your development has robust security. For your team management, Checkmarx has a very… more»

What needs improvement?

Checkmarx could probably do something to improve their license model. If you have a small company, or if you have a small team with just one or two applications, the entry-level price is too high for… more»

Which solution did I use previously and why did I switch?

We used Veracode for some time and it's also a good solution. Veracode fits better for small companies. It's more automatic. Checkmarx is more complete and they have more features to support our… more»

What other advice do I have?

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are testing the solution in a small local company. Our… more»

Which other solutions did I evaluate?

We evaluated some products from a company in Spain. Checkmarx provided better functionality and options for us.
CyberSecAn08987
Real User
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
May 25 2019

What is most valuable?

There are many good features like site integration, but the most valuable feature for us is the XL scan of source code.

How has it helped my organization?

Our static operation security has been able to identify more security issues since implementing this solution.

What needs improvement?

It would be really helpful if the level of confidence was included, with respect to identified issues. Some competitors have this feature, and it helps a lot to concentrate on the real findings.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using IBM Security AppScan. We had many, many issues with the application, along with complaints about the deployment time. The main reason we switched is that it was… more»

What other advice do I have?

If people are in need of static application security, then I would recommend this product. I would rate this solution an eight out of ten.

Which other solutions did I evaluate?

We did evaluate other options.
Bus432Anly
Real User
Business Analyst at a tech services company with 201-500 employees
Nov 01 2018

What do you think of Checkmarx?

What is our primary use case?

Our primary use case solution is for code scanning.

How has it helped my organization?

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

What is most valuable?

The most valuable features are: Ease of use Dashboard Interface Report

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not had an issue with stability of the product.

What do I think about the scalability of the solution?

There have been no issues with scalability that I am aware of.

How are customer service and technical support?

I have not needed the use of technical support.

Which solution did I use previously and why did I switch?

Ankur Sood
Real User
Technical Architect at a tech services company with 1,001-5,000 employees
Feb 27 2018

What do you think of Checkmarx?

What is our primary use case?

I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences.

How has it helped my organization?

We have scanned various applications with it. It works fine, although we need to check manually for false positive issues. 

What is most valuable?

After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them.

What needs improvement?

It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.

For how long have I used the solution?

One to three years.
James Barwick
Real User
Principal Software Engineer at a comms service provider with 10,001+ employees
Feb 07 2019

What do you think of Checkmarx?

What is our primary use case?

Code scan. We performed periodic static code scans on copies of our Git repository to identify possible vulnerabilities.

How has it helped my organization?

Code consistency. It prompted our developers to fix code or document code they otherwise would not have done.

What is most valuable?

The consistency of code. Showed our team where they are inconsistent or where they have made simple omissions.

What needs improvement?

Dynamic testing. If it had that feature I would have liked to see more consideration of framework validations that we don't have to duplicate. These flags are false positives.

For how long have I used the solution?

One to three years.

Articles

User Assessments By Topic About Checkmarx

Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: February 2020.
398,567 professionals have used our research since 2012.

Checkmarx Questions

What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Whitepaper: I, II

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC

Read Archived Reviews
BUYER'S GUIDE
Download our free Application Security Report and find out what your peers are saying about Checkmarx, SonarQube, Micro Focus, and more!