Checkmarx Room for Improvement

Milind Dharmadhikari
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
The reports are good, but they still need to be improved considering what the UI offers. For example, the UI will suggest the "best-fix location", whereas this information is not captured in the reports.
Director and Co-Founder at Ushiro-tec
Checkmarx could probably do something to improve their license model. If you have a small company, or if you have a small team with just one or two applications, the entry-level price is too high for such a company. You can find all the solutions offered by Checkmarx through other solutions providers. That is why this type of company needs to be more flexible. In this space, you have a security code and also you have a quality code. It is totally different in terms of investment. In terms of functionality, there are a lot of differences between the various competing products. With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too. The problem with Checkmarx lies with the pricing and licensing, not the product itself. The product is very good.
Software Engineer at a tech services company with 10,001+ employees
I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time). Updating and debugging of queries is not very convenient.
Responsable du Pôle Sécurité des Applications at a financial services firm with 5,001-10,000 employees
Integration into the SDLC (i.e. support for last version of SonarQube) could be added.
Yafes Duygulutuna
Sr. Security Engineer at SugarCRM
* Vulnerability details: Reduce false positive results and improve it by providing more details how I can resolve the vulnerability.
* Implementing a blackout time for any user or teams: Needs improvement. I need to place limits for some users or teams within a specific time frame. For example, between 02:00 to 06:00. They can't start any scanning during that time, even if they have scanner privileges.
Ankur Sood
Technical Architect at a tech services company with 1,001-5,000 employees
It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.
James Barwick
Principal Software Engineer at a comms service provider with 10,001+ employees
Dynamic testing. If it had that feature I would have liked to see more consideration of framework validations that we don't have to duplicate. These flags are false positives.
