Checkmarx Reviews

EduardoBeltran
Real User
Director and Co-Founder at Ushiro-tec
Apr 17 2019

What is most valuable?

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the…

How has it helped my organization?

We received two main benefits from Checkmarx:
* Better Security
* Saving Time

I recommend Checkmarx to be sure that your development has robust…

What needs improvement?

Checkmarx could probably do something to improve their license model. If you have a small company, or if you have a small team with just one or two…

If you previously used a different solution, which one did you use and why did you switch?

We used Veracode for some time and Veracode is also a good solution too. Probably Veracode fits better for small companies. It's more automatic. If…

What other advice do I have?

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are…
Reviewer59103
Consultant
Software Engineer at a tech services company with 10,001+ employees
Jan 22 2018

What is most valuable?

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so…

How has it helped my organization?

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source-code…

What needs improvement?

I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event…

What's my experience with pricing, setup cost, and licensing?

We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning…

If you previously used a different solution, which one did you use and why did you switch?

None. I started with this product.

What other advice do I have?

Before implementing the product I would evaluate if it is really necessary to scan so many different languages and…
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: March 2019.
332,881 professionals have used our research since 2012.
JohanSoula
Real User
Responsable du Pôle Sécurité des Applications at a financial services firm with 5,001-10,000 employees
Jun 29 2017

What is most valuable?

Valuable features include:
* Both automatic and manual code review (CxQL).
* The languages covered by the solution.

How has it helped my organization?

After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers…

What needs improvement?

Integration into the SDLC (i.e. support for last version of SonarQube) could be added.

What's my experience with pricing, setup cost, and licensing?

Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it must…

If you previously used a different solution, which one did you use and why did you switch?

We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving the…

What other advice do I have?

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.
Yafes Duygulutuna
Real User
Sr. Security Engineer at SugarCRM
Jul 04 2017

What is most valuable?

Vulnerability details part.

How has it helped my organization?

* Put the vulnerability details area on the right side of the application or it may be changeable
* Save and reset screen…

What needs improvement?

* Vulnerability details: Reduce false positive results and improve it by providing more details how I can resolve the…

What's my experience with pricing, setup cost, and licensing?

We don't have any specific advice about these issues.

If you previously used a different solution, which one did you use and why did you switch?

We were using Fortify. Its software capability was limited in terms of mobile code scanning.

What other advice do I have?

I don't like the latest license update. I can't set a limit for the reviewer account.
Bus432Anly
Real User
Business Analyst at a tech services company with 201-500 employees
Nov 01 2018

What do you think of Checkmarx?

What is our primary use case?

Our primary use case solution is for code scanning.

How has it helped my organization?

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

What is most valuable?

The most valuable features are:
* Ease of use
* Dashboard
* Interface
* Report

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not had an issue with stability of the product.

What do I think about the scalability of the solution?

There have been no issues with scalability that I am aware of.

How is customer service and technical support?

I have not needed the use of technical support.

Which solutions did we use previously?

Previously, we…
Ankur Sood
Real User
Technical Architect at a tech services company with 1,001-5,000 employees
Feb 27 2018

What do you think of Checkmarx?

What is our primary use case?

I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences.

How has it helped my organization?

We have scanned various applications with it. It works fine, although we need to check manually for false positive issues. 

What is most valuable?

After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them.

What needs improvement?

It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.

For how long have I used the solution?

One to three years.
James Barwick
Real User
Principal Software Engineer at a comms service provider with 10,001+ employees
Feb 07 2019

What do you think of Checkmarx?

What is our primary use case?

Code scan. We performed periodic static code scans on copies of our Git repository to identify possible vulnerabilities.

How has it helped my organization?

Code consistency. It prompted our developers to fix code or document code they otherwise would not have done.

What is most valuable?

The consistency of code. Showed our team where they are inconsistent or where they have made simple omissions.

What needs improvement?

Dynamic testing. If it had that feature I would have liked to see more consideration of framework validations that we don't have to duplicate. These flags are false positives.

For how long have I used the solution?

One to three years.

What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC

Highlights
Vulnerability details is valuable.
Both automatic and manual code review (CxQL) are valuable.
It shows in-depth code of where actual vulnerabilities are.
It gives the proper code flow of vulnerabilities and the number of occurrences.
The most valuable feature for me is the Jenkins Plugin.
It is a stable product.
Most valuable features include: ease of use, dashboard, interface and the ability to report.