Checkmarx Reviews

Real User
Founder at a tech company with 51-200 employees
Featured Review

What is most valuable?

The ability to identify a vulnerability, the optimal place for remediation and the correct syntax is very valuable. This feature helps ensure that the software fix is comprehensive and effective. The CxSuite is easy to use and because it...

How has it helped my organization?

The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled. Among other benefits, this reduces the cost to fix the problem(s) as the...

What needs improvement?

The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools. The...
Real User
Technical Program Manager at an engineering company with 10,001+ employees
Feb 26 2017

What is most valuable?

* The export feature and presentation of the results.
* The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
* A wide variety of modern programming languages are supported,...

How has it helped my organization?

For manual code testing, Checkmarx has been very helpful discarding false positives, filtering and removing a lot of files that are not presenting any threat, as well as indicating the files or functions that should be focused upon. Checkmarx...

What needs improvement?

The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode. Compiled code means that the code written is stored in binaries, for machine reading only. Tools like Veracode...
Real User
Senior Manager at a financial services firm
Feb 23 2017

What is most valuable?

Scan reviews can occur during the development lifecycle.

How has it helped my organization?

It moved our organization towards being agile vs. waterfall.

What needs improvement?

The areas in which this product needs to improve are:
* C, C++, VB and T-SQL are not supported by this product, although C and C++ were advertised as being supported.
* There were issues in regards to the JSP parsing.
* Defect report...
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security.
287,901 professionals have used our research since 2012.
Consultant
Software Engineer at a tech services company with 10,001+ employees
Jan 22 2018

What is most valuable?

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so that:
* we have all of the source code we need for the build, normal and generated source code;
* we need only one...

How has it helped my organization?

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source-code, initiate scans, and review the results. The projects need not care about getting a tool, accessing the tool, and it is cheaper...

What needs improvement?

I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time). Updating and debugging of queries is not very convenient.
Consultant
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees
Feb 23 2017

What is most valuable?

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It therefore makes it easier to identify these as well as fix them.

How has it helped my organization?

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation which makes the application secure including information issues which might get neglected with a manual code review process.

What needs improvement?

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These descriptions are just a click away. Some of the descriptions were found to be missing or were not as elaborate as compared...
Consultant
SRE Vice Group Manager at a tech services company with 1,001-5,000 employees
Jan 25 2017

What is most valuable?

The solution allows us to create custom rules for code checks. Without custom rules, the system couldn’t find anything serious in the custom code and libraries.

How has it helped my organization?

During the trial period, we tried to build automated security development lifecycles with this product and with other products. We have achieved partial success with this.

What needs improvement?

The main issue was the supported Windows OS for the installation. Windows is not appropriate for a big internet company’s infrastructure. Supporting a Windows machine, especially for this software, is inconvenient. This product requires you...
What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Whitepaper: I, II

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC

Checkmarx White Papers
How to Implement DevSecOps Throughout Your SDLC
Empower Your Developers to Deliver Secure Software Faster!
The JavaScript Guide: Web Application Secure Coding Practices
Adding the “Sec” to DevOps
Are You on Tinder? Someone May Be Watching You Swipe