Parts of the implementation process could improve by making it more user-friendly.

The DAST component of the tool requires some improvements. The tool's DAST component is not much required in the integration processes with the CI/CD pipelines. IDE plugins to scan codes should be available to developers who are involved in development purposes.

Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities.

From an improvement perspective, the product should try to align its pricing model with the other tools available in the market.

To make the list of the vulnerabilities more clear and exposed to the users in order to see. Sometimes, we see issues high-level issues vulnerabilities that are not really issues, the interpretation of scanning. Meaning, like, outside, it's not really the issue. But it surfaces as an issue, so we probably may have a database of the errors of the vulnerabilities to expose and maybe even provide some feedback on how valuable the vulnerability is. I'm doing that. So, basically, one area that could be improved is the way that false positives are handled.  

In future releases, if we could create a clear RESTful API to just extract the scanning data on user-added applications and presentations.

There are crashes in the solution. API security is an area with shortcomings that needs improvement.

Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. They should add a "what if" feature to the application. 

Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun.

Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive.

It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx.

In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal.

The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours.

Checkmarx Software Composition Analysis should improve dynamic analysis. 

In terms of time and quality of support, Checkmarx SCA needs improvement. The quality of support people needs improvement.

I have received complaints from my customers that the pricing could be improved.

An area for improvement in Checkmarx Software Composition Analysis is for the updates to be fast. I see that open-source and third party solutions have a lot of vulnerabilities discovered day by day, so it's important for the end users to get updates instantly, so we can identify those vulnerabilities as soon as possible.

What I'd like to see in the next release of Checkmarx Software Composition Analysis is the improvement of its UI. For example, reconciling the live code in a more convenient way.

Improving Checkmarx Software Composition Analysis to make it more convenient for end users to work, plus verifying and analyzing reports from it, is another thing I'd like to see in the next release.

It can have better licensing models.