Checkmarx Software Composition Analysis Overview

Checkmarx Software Composition Analysis is the #9 ranked solution in top Software Composition Analysis (SCA) tools. IT Central Station users give Checkmarx Software Composition Analysis an average rating of 10 out of 10. Checkmarx Software Composition Analysis is most commonly compared to Black Duck: Checkmarx Software Composition Analysis vs Black Duck. The top industry researching this solution is professionals from a computer software company, accounting for 27% of all views.
What is Checkmarx Software Composition Analysis?

Today's software is constructed using open source components and third-party libraries, tied together with custom code. Hackers target vulnerable open source components to access sensitive and valuable data, while data protection regulations become more stringent in an effort to encourage better software security practices. While all this is happening, DevOps is taking the world by storm and the burden of securing software is rapidly expanding under the purview of the developers who create it.

Trust us, we get it. You're caught between a strong desire to innovate and a sincere dislike of having your company’s name on the news as “the most recent data breach.”

That's why we made CxSCA, the most effective next-gen software composition analysis solution designed to help development teams ship secure software quickly while giving AppSec teams the insight and control they need to improve your software security risk posture.

Checkmarx Software Composition Analysis was previously known as CxSCA.

Buyer's Guide

Download the Software Composition Analysis (SCA) Buyer's Guide including reviews and more. Updated: November 2021

Checkmarx Software Composition Analysis Customers
AXA, Liveperson, Aaron's, Playtech, Morningstar
Pricing Advice

What users are saying about Checkmarx Software Composition Analysis pricing:
  • "It is a little bit high priced. It would be better if it was a little less expensive."

Checkmarx Software Composition Analysis Reviews

GG
Sr. Director Global Solutions Development at an energy/utilities company with 10,001+ employees
Real User
Top 10
A solid, stable, and easy-to-deploy solution that allows you to incorporate it into a CI/CD pipeline and has the ability to do incremental scans

Pros and Cons

  • "One of the strong points of this solution is that it allows you to incorporate it into a CI/CD pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
  • "Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."

What is our primary use case?

We use it for scanning .NET and Java applications. We are using its latest version.

What is most valuable?

One of the strong points of this solution is that it allows you to incorporate it into a CI/CD pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good.

It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely.

What needs improvement?

Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive.

It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx.

For how long have I used the solution?

I have been using this solution for maybe three months.

What do I think about the stability of the solution?

It is still in the early stages, but it is performing as expected. It has been very solid and stable. We haven't had any problems with it. We've used it maybe against a dozen projects. We might have done a hundred scans. 

How are customer service and technical support?

They provided some technical support during the installation. They clarified some questions and were very responsive.

How was the initial setup?

The initial setup was straightforward. It took maybe three to five days.

What about the implementation team?

It was implemented in-house.

What's my experience with pricing, setup cost, and licensing?

It is a little bit high priced. It would be better if it was a little less expensive.

What other advice do I have?

I would rate Checkmarx Software Composition Analysis a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cuneyt KALPAKOGLU Phd.
Founder & Chairman at Endpoint-labs Cyber Security R&D
Real User
Top 5 Leaderboard
Very easy, user friendly, and stable

What is our primary use case?

We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.

What is most valuable?

It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own.

What needs improvement?

It can have better licensing models.

For how long have I used the solution?

We have been working with Checkmarx for more than six years.

What do I think about the stability of the solution?

It is stable. I have never faced any issues.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

It doesn't need any technical support, but when you open a ticket, you get a response on the same day. Sometimes, you get a response in an hour or two hours. They are a very dedicated organization.

How was the initial setup?

The initial setup is straightforward and very user friendly. It is a cloud product, so you don't need to install it. It is plug and play.

What other advice do I have?

I would recommend this solution. Checkmarx Software Composition Analysis is one of the most important products in the IT security market. According to the Gartner report, Checkmarx has been a leading company for the last three years. 

I would rate Checkmarx Software Composition Analysis a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner