Checkmarx Reviews

Gustavo_Gonzalez
Real User
Technical Program Manager at an engineering company with 10,001+ employees
Feb 26 2017

What is most valuable?

* The export feature and presentation of the results.
* The ability to track the vulnerabilities inside the code (origin…

How has it helped my organization?

For manual code testing, Checkmarx has been very helpful discarding false positives, filtering and removing a lot of files…

What needs improvement?

The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as…

What's my experience with pricing, setup cost, and licensing?

Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool…

If you previously used a different solution, which one did you use and why did you switch?

I used to work mostly on checking the source code manually, and estimated the time of completion counting the lines of…

What other advice do I have?

I recommend to have a live session with the marketing team, to have a demo and to track all your doubts before purchasing…
Anonymous User
Real User
Senior Manager at a financial services firm
Feb 23 2017

What is most valuable?

Scan reviews can occur during the development lifecycle.

How has it helped my organization?

It moved our organization towards being agile vs. waterfall.

What needs improvement?

The areas in which this product needs to improve are:
* C, C++, VB and T-SQL are not supported by this product. Although…

What's my experience with pricing, setup cost, and licensing?

The license has vague language around P1 issues and the associated support. Make sure to review these in order to align…

If you previously used a different solution, which one did you use and why did you switch?

Previously, we were using a different solution. We were leveraging multiple tools since we have code in multiple…

What other advice do I have?

The product is not mature and ready for enterprise usage yet. It is okay to use it when the support expectations are…
Find out what your peers are saying about Checkmarx, SonarQube, Micro Focus and others in Application Security. Updated: February 2019.
316,268 professionals have used our research since 2012.
Reviewer59103
Consultant
Software Engineer at a tech services company with 10,001+ employees
Jan 22 2018

What is most valuable?

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so…

How has it helped my organization?

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source-code…

What needs improvement?

I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event…

What's my experience with pricing, setup cost, and licensing?

We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning…

If you previously used a different solution, which one did you use and why did you switch?

None. I started with this product.

What other advice do I have?

Before implementing the product I would evaluate if it is really necessary to scan so many different languages and…
Anonymous User
Consultant
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees
Feb 23 2017

What is most valuable?

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It…

How has it helped my organization?

We have been using this product extensively for a lot of applications to identify as well as employ proper remediation…

What needs improvement?

Checkmarx has the detailed description of all the vulnerabilities which it identifies after the source code scan. These…

What's my experience with pricing, setup cost, and licensing?

It is a good product but a little overpriced.

If you previously used a different solution, which one did you use and why did you switch?

I am not aware of any previous solutions.

What other advice do I have?

Better to look out for other products available in the market as well.
Nabil Khlifi
Consultant
SAP FIORI / HCP Consultant at Silveo
Mar 06 2017

What is most valuable?

* Performs security checks for SAP Fiori applications
* Helps us check vulnerabilities in our SAP Fiori application
* Easy to use and master
* One…

How has it helped my organization?

This product helps us to deliver good quality software.

What needs improvement?

I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service. This…

If you previously used a different solution, which one did you use and why did you switch?

We haven't used anything else. This is our first solution.

What other advice do I have?

It is a good tool. I recommend it in order to ensure software quality.
JohanSoula
Real User
Head of the Application Security Unit at a financial services firm with 5,001-10,000 employees
Jun 29 2017

What is most valuable?

Valuable features include:
* Both automatic and manual code review (CxQL).
* The languages covered by the solution.

How has it helped my organization?

After a proper on-boarding, we can set up proper reports of code vulnerability and/or misconfiguration to developers…

What needs improvement?

Integration into the SDLC (i.e. support for the last version of SonarQube) could be added.

What's my experience with pricing, setup cost, and licensing?

Include PS or deployment assistance in order not to miss true positive vulnerabilities. Really powerful tool, but it must…

If you previously used a different solution, which one did you use and why did you switch?

We didn’t really have a previous solution but Checkmarx was the best match for .NET support and scan without resolving the…

What other advice do I have?

Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.
Yafes Duygulutuna
Real User
Sr. Security Engineer at SugarCRM
Jul 04 2017

What is most valuable?

Vulnerability details part.

How has it helped my organization?

* Put the vulnerability details area on the right side of the application or it may be changeable
* Save and reset screen…

What needs improvement?

* Vulnerability details: Reduce false positive results and improve it by providing more details how I can resolve the…

What's my experience with pricing, setup cost, and licensing?

We don't have any specific advice about these issues.

If you previously used a different solution, which one did you use and why did you switch?

We were using Fortify. Its software capability was limited in terms of mobile code scanning.

What other advice do I have?

I don't like the latest license update. I can't set a limit for the reviewer account.
Bus432Anly
Real User
Business Analyst at a tech services company with 201-500 employees
Nov 01 2018

What do you think of Checkmarx?

What is our primary use case?

Our primary use case solution is for code scanning.

How has it helped my organization?

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

What is most valuable?

The most valuable features are: Ease of use Dashboard Interface Report

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not had an issue with stability of the product.

What do I think about the scalability of the solution?

There have been no issues with scalability that I am aware of.

How is customer service and technical support?

I have not needed the use of technical support.

Which solutions did we use previously?

Previously, we…

What is Checkmarx?

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Whitepaper: I, II

Checkmarx customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech

Case Study: Liveperson Implements Innovative Secure SDLC

Highlights
Vulnerability details is valuable.
Both automatic and manual code review (CxQL) are valuable.
The solution communicates where to fix the issue for the purpose of less iterations.
The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
Scan reviews can occur during the development lifecycle.
Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application.
Helps us check vulnerabilities in our SAP Fiori application.