We use Checkmarx Software Composition Analysis in our development process. We use it when we work with end users for the development of software.
What I found most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in components, especially if some critical issues exist.
An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast. I see that open-source and third-party solutions have a lot of vulnerabilities discovered day by day, so it's important for the end users to get updates instantly, so we can identify those vulnerabilities as soon as possible.
What I'd like to see in the next release of Checkmarx Software Composition Analysis is the improvement of its UI. For example, reconciling the live code in a more convenient way.
Improving Checkmarx Software Composition Analysis to make it more convenient for end users to work, plus verifying and analyzing reports from it, is another thing I'd like to see in the next release.
Checkmarx Software Composition Analysis is a stable solution. Even during upgrades, user experience is stable, and I don't have any major issues with the solution.
Usage of Checkmarx Software Composition Analysis in our company is not too high, so I'm not really sure how scalable it is. We currently have 20 users of the solution.
We don't directly work with the technical support team of Checkmarx Software Composition Analysis, because we have a team who handles the support for the solution, so we contact that team whenever we have issues, instead of contacting the vendor directly.
I have no idea how easy or complex the initial setup for the solution is, because the deployment phase for Checkmarx Software Composition Analysis in my company is through the portal.
I'm working with Checkmarx Software Composition Analysis. I started in this field of work in 2020. This is when I started using SonarQube in my previous company.
Checkmarx Software Composition Analysis can be deployed both on cloud and on-premises, but ours is deployed on-premises.
My advice to people who want to implement Checkmarx Software Composition Analysis is to use it, especially if their software development framework relies on open-source plugins or public open-source solutions. They would need a software composition analysis solution to scan for vulnerabilities in components, because a lot of issues and critical vulnerabilities come from public open-source frameworks, so my suggestion is for them to use Checkmarx Software Composition Analysis.
My rating for Checkmarx Software Composition Analysis is eight out of ten.