Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D
Reseller
Top 5 Leaderboard
Efficiently identifies any open-source components that may contain vulnerabilities
Pros and Cons
  • "The product is stable and scalable."
  • "The quality of technical support has decreased over time, and it is not as good as it used to be."

What is our primary use case?

The purpose of software composition analysis is to identify any open-source components that may contain vulnerabilities. It is especially important because, nowadays, developers often download algorithms from the internet while they are developing software, but these downloaded components need to be scanned for vulnerabilities.

Additionally, developers may not pay close attention to open-source components' legal and licensing aspects, which can cause serious problems. Therefore, it is necessary to use software composition analysis as protection, and Checkmarx's SCA tool is very beneficial for this purpose.

What is most valuable?

The most valuable feature is that it can ensure the security of the software when downloading open-source components from the internet. It is the first and foremost benefit. Secondly, even though these components may be shared or free, there can still be license issues, and young developers may not pay attention to this aspect, which can be very dangerous and lead to serious penalties in the future.

What needs improvement?

In terms of time and quality of support, Checkmarx SCA needs improvement. The quality of support people needs improvement.

For how long have I used the solution?

We have been using it since the first day it was released. We always use the latest version.

Buyer's Guide
Checkmarx Software Composition Analysis
April 2024
Learn what your peers think about Checkmarx Software Composition Analysis. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

What do I think about the stability of the solution?

The software is very stable and works very well.

What do I think about the scalability of the solution?

It is a very scalable product.

How are customer service and support?

This is the most critical point for me. Their support was much better in the past, like last year or two years ago. As compared to the previous timeline, I feel that their support should be much better.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

From my point of view, according to the value they generate for the customers, it is not expensive. But as compared to competitive products in the market, it is gradually becoming more expensive. It's like choosing between a BMW and a cheaper car.

So, it's worth the money someone spends to use this product.

What other advice do I have?

It's one of the best in the market, honestly.

Overall, I would rate the product a nine out of ten. And I didn't score it ten because of the weakness in the support. I know from the past that the support used to be better because I had been working with Checkmarx for over ten years.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
System Engineer at a manufacturing company with 5,001-10,000 employees
Real User
Top 5 Leaderboard
A stable and scalable solution that helped ensure the integrity of our libraries
Pros and Cons
  • "Checkmarx unifies all the features in its service."
  • "I have received complaints from my customers that the pricing could be improved."

What is our primary use case?

My customers' main use cases for this solution are based on its open-source library. Another use case is with supply chain attacks because it checks the integrity of the library and not just the hash, checksum, or version.

What is most valuable?

Checkmarx unifies all the features in its service.

What needs improvement?

I have received complaints from my customers that the pricing could be improved.

For how long have I used the solution?

It's been two years since I started getting familiar with the solution.

What do I think about the stability of the solution?

I rate the solution's stability an eight out of ten.

What do I think about the scalability of the solution?

I rate the solution's scalability a ten out of ten. Software Composition is just the version, the hash, so it consumes less data and can be scaled easily.

How are customer service and support?

Checkmarx's technical support is helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used AppDome. Checkmarx protects our apps from the inside, but AppDome protects our apps from the outside. AppCode provides a different aspect of security from Checkmarx by healing apps since Checkmarx doesn't scan for vulnerabilities in code.

What other advice do I have?

I recommend Checkmarx Software Composition Analysis and rate it a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Frontend Developer at a tech services company with 51-200 employees
Consultant
Top 20
Stable tool that identifies open-source vulnerabilities and critical issues
Pros and Cons
  • "What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
  • "Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."

What is our primary use case?

We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.

What is most valuable?

What I found most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in components, especially if some critical issues exist.

What needs improvement?

An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast. I see that open-source and third-party solutions have a lot of vulnerabilities discovered day by day, so it's important for the end users to get updates instantly, so we can identify those vulnerabilities as soon as possible.

What I'd like to see in the next release of Checkmarx Software Composition Analysis is the improvement of its UI. For example, reconciling the live code in a more convenient way.

Improving Checkmarx Software Composition Analysis to make it more convenient for end users to work, plus verifying and analyzing reports from it, is another thing I'd like to see in the next release.

What do I think about the stability of the solution?

Checkmarx Software Composition Analysis is a stable solution. Even during upgrades, user experience is stable, and I don't have any major issues with the solution.

What do I think about the scalability of the solution?

Usage of Checkmarx Software Composition Analysis in our company is not too high, so I'm not really sure how scalable it is. We currently have 20 users of the solution.

How are customer service and support?

We don't directly work with the technical support team of Checkmarx Software Composition Analysis, because we have a team who handles the support for the solution, so we contact that team whenever we have issues, instead of contacting the vendor directly.

How was the initial setup?

I have no idea how easy or complex the initial setup for the solution is, because the deployment phase for Checkmarx Software Composition Analysis in my company is through the portal.

What other advice do I have?

I'm working with Checkmarx Software Composition Analysis. I started in this field of work in 2020. This is when I started using SonarQube in my previous company.

Checkmarx Software Composition Analysis can be deployed both on cloud and on-premises, but ours is deployed on-premises.

My advice to people who want to implement Checkmarx Software Composition Analysis is to use it, especially if their software development framework relies on open-source plugins or public open-source solutions. They would need a software composition analysis solution to scan for vulnerabilities in components, because a lot of issues and critical vulnerabilities come from public open-source frameworks, so my suggestion is for them to use Checkmarx Software Composition Analysis.

My rating for Checkmarx Software Composition Analysis is eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D
Reseller
Top 5 Leaderboard
Very easy, user friendly, and stable
Pros and Cons
  • "It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own."
  • "It can have better licensing models."

What is our primary use case?

We are an IT security research and development lab. We have around 22 engineers doing research and testing and developing add-ons and complementary solutions. We are the strategic development partner of Checkmarx. We are using the latest version of this solution.

What is most valuable?

It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own.

What needs improvement?

It can have better licensing models.

For how long have I used the solution?

We have been working with Checkmarx for more than six years.

What do I think about the stability of the solution?

It is stable. I have never faced any issues.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

It doesn't need any technical support, but when you open a ticket, you get a response on the same day. Sometimes, you get a response in an hour or two hours. They are a very dedicated organization.

How was the initial setup?

The initial setup is straightforward and very user friendly. It is a cloud product, so you don't need to install it. It is plug and play.

What other advice do I have?

I would recommend this solution. Checkmarx Software Composition Analysis is one of the most important products in the IT security market. According to the Gartner report, Checkmarx has been a leading company for the last three years. 

I would rate Checkmarx Software Composition Analysis a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner