Checkmarx Reviews

Don Robbins
Real User
Software Configuration Manager at a tech vendor with 501-1,000 employees
Jun 19 2019

What is most valuable?

I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.

How has it helped my organization?

I haven't been monitoring how well our projects have been at reducing vulnerabilities. Checkmarx is one that you have to actively follow, and my position doesn't require…

What needs improvement?

One of the biggest heartaches that we have is that all of our Windows servers are on an automated upgrade. Whenever Windows upgrades, we lose the order of the ciphers and…

What's my experience with pricing, setup cost, and licensing?

I've got 100 licenses for Checkmarx. As people come and go, it's a hassle to add and remove them. In this day and age, it's such a meaningless time-waster.

If you previously used a different solution, which one did you use and why did you switch?

The tool that we were using before was AppScan.

What other advice do I have?

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report…

Which other solutions did I evaluate?

We were previously working with Azure. We switched because of their implementation of SQL Server. Checkmarx uses statements to move from database to database. Azure does…
Milind Dharmadhikari
Real User
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
May 18 2019

What is most valuable?

There are many features, but first is the fact that it is easy to use, and not complicated. One of the cool features is that it identifies the development technology that…

How has it helped my organization?

The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete. As an example, an application may contain…

What needs improvement?

The reports are good, but they still need to be improved considering what the UI offers. For example, the UI will suggest the "best-fix location", whereas this information…

What's my experience with pricing, setup cost, and licensing?

We have a subscription license that is on a yearly basis, and it's a pretty competitive solution. I don't know of any additional costs, beyond the standard licensing fees…

If you previously used a different solution, which one did you use and why did you switch?

I do not have recent, hands-on experience with this tool, but I have used it in the past and my team now uses it extensively. We did not use a tool previous to this one…

What other advice do I have?

My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any…

Which other solutions did I evaluate?

We evaluated the Fortify Static Code Analyzer and IBM Security AppScan, but our evaluation was not fully completed. We were happy with what we were seeing with Checkmarx…
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: October 2019.
372,124 professionals have used our research since 2012.
EduardoBeltran
Real User
Director and Co-Founder at Ushiro-tec
Apr 17 2019

What is most valuable?

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot…

How has it helped my organization?

We received two main benefits from Checkmarx:
* Better Security
* Saving Time

I recommend Checkmarx to be sure that your development has robust security. For your team management, Checkmarx has a very…

What needs improvement?

Checkmarx could probably do something to improve their license model. If you have a small company, or if you have a small team with just one or two applications, the entry-level price is too high for…

If you previously used a different solution, which one did you use and why did you switch?

We used Veracode for some time and it's also a good solution. Veracode fits better for small companies. It's more automatic. Checkmarx is more complete and they have more features to support our…

What other advice do I have?

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are testing the solution in a small local company. Our…

Which other solutions did I evaluate?

We evaluated some products from a company in Spain. Checkmarx provided better functionality and options for us.
Reviewer59103
Consultant
Software Engineer at a tech services company with 10,001+ employees
Jan 22 2018

What is most valuable?

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so that:
* we have all of the source code we need for…

How has it helped my organization?

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source-code, initiate scans, and review the results. The projects…

What needs improvement?

I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)…

What's my experience with pricing, setup cost, and licensing?

We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open…

If you previously used a different solution, which one did you use and why did you switch?

None. I started with this product.

What other advice do I have?

Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper…

Which other solutions did I evaluate?

I didn’t evaluate this or other solutions, but my team leader had experience with HPE Fortify and he said it is much more expensive, and the service even worse.
CyberSecAn08987
Real User
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
May 25 2019

What is most valuable?

There are many good features like site integration, but the most valuable feature for us is the XL scan of source code.

How has it helped my organization?

Our static operation security has been able to identify more security issues since implementing this solution.

What needs improvement?

It would be really helpful if the level of confidence was included, with respect to identified issues. Some competitors have this feature, and it helps a lot to concentrate on the real findings.

If you previously used a different solution, which one did you use and why did you switch?

Prior to this solution, we were using IBM Security AppScan. We had many, many issues with the application, along with complaints about the deployment time. The main reason we switched is that it was…

What other advice do I have?

If people are in need of static application security, then I would recommend this product. I would rate this solution an eight out of ten.

Which other solutions did I evaluate?

We did evaluate other options.
Bus432Anly
Real User
Business Analyst at a tech services company with 201-500 employees
Nov 01 2018

What do you think of Checkmarx?

What is our primary use case?

Our primary use case for this solution is code scanning.

How has it helped my organization?

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

What is most valuable?

The most valuable features are: Ease of use Dashboard Interface Report

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not had an issue with the stability of the product.

What do I think about the scalability of the solution?

There have been no issues with scalability that I am aware of.

How is customer service and technical support?

I have not needed the use of technical support.

Which solutions did we use previously?

Previously, we…
Ankur Sood
Real User
Technical Architect at a tech services company with 1,001-5,000 employees
Feb 27 2018

What do you think of Checkmarx?

What is our primary use case?

I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences.

How has it helped my organization?

We have scanned various applications with it. It works fine, although we need to check manually for false positive issues. 

What is most valuable?

After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them.

What needs improvement?

It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.

For how long have I used the solution?

One to three years.
James Barwick
Real User
Principal Software Engineer at a comms service provider with 10,001+ employees
Feb 07 2019

What do you think of Checkmarx?

What is our primary use case?

Code scan. We performed periodic static code scans on copies of our Git repository to identify possible vulnerabilities.

How has it helped my organization?

Code consistency. It prompted our developers to fix code or document code they otherwise would not have done.

What is most valuable?

The consistency of code. Showed our team where they are inconsistent or where they have made simple omissions.

What needs improvement?

Dynamic testing. If it had that feature I would have liked to see more consideration of framework validations that we don't have to duplicate. These flags are false positives.

For how long have I used the solution?

One to three years.

What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC
