Checkmarx One Valuable Features

AS
Technical Lead at a computer software company with 10,001+ employees

The report function is the solution's greatest asset. We can configure reports in our build pipeline. We set them to publish scores and consolidate all the pod answers. We go through reports to understand issues and next steps. We get availability of code by clicking on that particular section. 

We are able to speed up services because the semi-application is done in the report.

The solution is very easy to navigate. 

Rohit Kesharwani - PeerSpot reviewer
Manager, Engineering at 7-Eleven.

We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve.

ScottDenton - PeerSpot reviewer
Senior regional manager at AppDome

Being able to have the breadth and depth of different kinds of support for different languages is excellent. Many other solutions require you to compile the code prior to the scan; with CxSAST there is no need to compile code for a static analysis. If you didn't support a particular language that an application was written in, whether it was legacy code or a new agile code like Scala, JScript, PLSQL, or whatever, well, then you didn't get the business. If you were an organization that converted its SDLC from waterfall to agile, then you're going to need the ability to support multiple languages, even if they're not part of the company, thanks to that agility, that approach, that methodology. Supporting different languages was a high priority of the client.

Buyer's Guide
Checkmarx One
April 2024
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
Souhardyya Biswas - PeerSpot reviewer
Software Engineer at a manufacturing company with 10,001+ employees

Checkmarx is more developer friendly. Developers are aware of how to use Checkmarx. It's not too complicated, and they can understand what the problem is in their code, and it helps them to write secure code. That's a big thing. It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx. That's the main positive point.

PG
Engineer senior at a hospitality company with 10,001+ employees

The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.

KannanPadmanabhan - PeerSpot reviewer
Senior Software Engineering Manager at a financial services firm with 10,001+ employees

The administration in Checkmarx is very good. You can create specific teams which give you access to specific projects.

San K - PeerSpot reviewer
Senior Group Leader at Infosys

The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects.

GG
Technical Program Manager at an engineering company with 10,001+ employees
  • The export feature and presentation of the results.
  • The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
  • A wide variety of modern programming languages are supported (including mobile languages).

NH
Security Consultant at IBM Thailand

It is very easy for the analyst to have everything in a consolidated single pane of glass. Previously, they ran multiple tools. They used one tool for source code analysis and another for static code review. Then, I manually verified each result. Since we moved to Checkmarx, it has been very easy for the analyst.

The tool gives us a shareable report that can be easily shared with management once the product is done. The solution’s performance and the consolidated information it provides are valuable. The platform is completely on the cloud. There are no scalability or connectivity issues. The platform is stable. It can be accessed from anywhere.

We used open-source tools before. We had to deploy the tools in the customers' environment to establish the connection between the tools and their product application. Since Checkmarx is a SaaS-based platform, we need only the forward connection from Checkmarx to the tool. The tool handles everything else. We just need a single firewall rule to be enabled on the platform to establish the connection.

The deployment is very simple. We need just one rule to forward the web application to Checkmarx. The scanning engine is very good. Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%. The tool has greatly reduced the time and effort our analysts need to do their tasks. It's very useful if we need to perform a short-term project. It is greatly helpful in fixing loopholes and vulnerabilities swiftly.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

The most valuable feature is that Checkmarx specifies the exact line of code where it finds the problem. They show it in the report, the exact line or two lines. They also show where the problem starts and where it's used. 

Even if it's used later in routines or messages during the computation, they show both sides. For example, they show the user input and where it's being used, even if it's saved in a different file. 

They follow the code, the function code, the method code, and all the calls until it's used because they have all the code mapped. So, they show where it starts, where it's being used, and they say it hasn't been checked all the way. They prove it, not just say it, by showing exactly where the issue is. 

Even if you don't know the software, like third-party software you want to fix or modify, you know where to start looking in the code.

As for the UI, it's okay. You give it the code, it runs, and it's pretty good.

RZ
Senior Engineer at a computer software company with 5,001-10,000 employees

The only thing I like is that Checkmarx does not need to compile. That's a good feature.

Marcelo Carrasco - PeerSpot reviewer
Security Architect at a financial services firm with 5,001-10,000 employees

The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools.

VY
Vice President Of Technology at a computer software company with 5,001-10,000 employees

The most valuable feature is the application tracking reporting.

From the user's perspective, the interface is pretty good. It will point out the exact line of code when an issue is found.

It is good in terms of coverage for different languages.

It is updated automatically so there is less maintenance.

JD
Cybersecurity at a transportation company with 1,001-5,000 employees

I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy. Typically when using SCA tools on C/C++ and C# you must compile the software for SCA to work. CX doesn’t require any compilation due to the way the tool does synthetic compilation to help find errors in code. Many times 3rd party assurance providers don’t have all the files to compile so CX comes in handy. 

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.

Rajiv - PeerSpot reviewer
Practice Lead - Cyber Security at a tech vendor with 10,001+ employees

What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results.

RB
Senior Engineer at a tech vendor with 10,001+ employees

The most valuable features of Checkmarx are the automation and information that it provides in the reports.

Rahul Mane - PeerSpot reviewer
Head of DevOps at Tpconnects technologies

Checkmarx gives you an overview of all security aspects of the codes and shows what code aspects you need to be looking into.

Peter Ejiofor - PeerSpot reviewer
Chief Executive Officer at Ethnos ITSolutions

The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera. 

The software languages that they support are one of the largest in the market.

JG
Technical Lead of Developers at a government with 10,001+ employees

The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for. It's also pretty intuitive and has a lot of good dashboards and metrics.

DR
Software Configuration Manager at a tech vendor with 501-1,000 employees

I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.

MD
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

There are many features, but first is the fact that it is easy to use, and not complicated.

One of the cool features is that it identifies the development technology that we are using on its own, whether it is Java or .NET or otherwise, it identifies it by itself.

The most important aspect is that it shows us exactly, on which particular line, the vulnerability is.

The user interface is very intuitive and it offers help on the fly.

VT
System Engineer at a tech vendor with 10,001+ employees

It's easy to use. The configuration is easy. 

It has all the features we need. 

it_user1375824 - PeerSpot reviewer
Technical Lead at a tech services company with 1,001-5,000 employees

The reporting on the solution is very good. The reports we get are very self-explanatory. They aren't complex or confusing. They will tell us if we are facing vulnerabilities and where. From the reporting, it's quite easy to find the problems and fix them.

The solution overall is very good at detecting and pinpointing vulnerabilities in the code.

The user interface is excellent. It's very user friendly.

The solution offers good training documentation so we know how to handle problems as they arise.

RJ
Founder at a tech company with 51-200 employees

The ability to identify a vulnerability, the optimal place for remediation and the correct syntax is very valuable. This feature helps ensure that the software fix is comprehensive and effective. The CxSuite is easy to use and because it provides the correct coding syntax to address a vulnerability, it helps improve the secure coding skill set among developers. The product can scan precompiled (source) code, as well as compiled (binary) code, delivering effectiveness and efficiency throughout the SDLC.

AK
Java Developer at a security firm with 51-200 employees

The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.

ŁR
Solution Manager at a computer software company with 201-500 employees

I am aware of Checkmarx's portfolio; however, we've been playing exclusively with the SAST and with the AppSec Awareness platform, their Codebashing platform. It's been a very positive experience overall.

The value you can get out of the speedy production may be worth the price tag.

MG
Senior Manager at a manufacturing company with 10,001+ employees

The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking.

RO
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees

There are many good features like site integration, but the most valuable feature for us is the XL scan of source code. 

it_user318207 - PeerSpot reviewer
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees

It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).

EK
Director of consultory at a non-tech company with 1,001-5,000 employees

The most valued feature comes within the platform called Codebashing, it allows scanning code for security flaws. Our clients are able to learn from these scans and develop more secure code. The solution is easy to configure and user friendly as well. They also have support for a large variety of languages compared to other solutions and the product updates continuously.

YD
Sr. Security Engineer at SugarCRM

Vulnerability details part.

MC
Director at a tech services company with 11-50 employees

The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important. 

it_user683181 - PeerSpot reviewer
Security Source Code Analyst at a tech services company with 10,001+ employees

The most valuable feature for me is the Jenkins Plugin. We usually take a copy of the normal build job for Checkmarx so that:

  1. we have all of the source code we need for the build, normal and generated source code;
  2. we need only one technical user for scanning the projects (SVN access and Git access need to change the passwords every 90 days).

AR
Cyber Security Consultant at a computer software company with 5,001-10,000 employees

The visibility the solution gives you is great. It really gives you the ability to see what the root issues in the code actually are. 

The setup is fairly easy. We didn't struggle with the process at all.

it_user1263726 - PeerSpot reviewer
Sr. Application Security Manager at a tech services company with 201-500 employees

The user interface is modern and nice to use.

This product has very good reports.

Checkmarx integrates with a lot of different tools such as BitBucket and Jira.

There is good coverage for different languages.

it_user618132 - PeerSpot reviewer
SAP FIORI / HCP Consultant at Silveo
  • Performs security checks for SAP Fiori applications
  • Helps us check vulnerabilities in our SAP Fiori application
  • Easy to use and master
  • One of the most important tools in our building process

it_user531780 - PeerSpot reviewer
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees

The most valuable feature is that Checkmarx scans code for security vulnerabilities without needing to compile first.

Pasindu Wijesinghe - PeerSpot reviewer
Software Engineer Intern at Connex Information Technologies

The UI is user-friendly.

The Fast feature for static application security testing is the most valuable.

VS
Procurement Analyst at a pharma/biotech company with 10,001+ employees

One of the most valuable features is it is flexible. 

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Founder & Chairman at Endpoint-labs Cyber Security R&D

Aside from my occupation, I am an academic. Because of our status, we test products as well as their competition, for example, we45, AppScan, SonarQube, etc. I have to point out, from an academic and business point of view, there is a very serious competitive advantage to using Checkmarx. Even if there are multiple vulnerabilities in the source coding, Checkmarx is able to identify which lines need to be corrected and then proceeds to automatically remediate the situation. This is an outstanding advantage that none of the competition offers. 

The flexibility in regards to finding false-positives and false-negatives is amazing. Checkmarx can easily manage false-positives and negatives. You don't need to generate an additional platform if you would like to scan a mobile application from iOS or Android. With a single license, you are able to scan and test every platform. This is not possible with other competitive products. For instance, say you are using we45 — if you would like to scan an iOS application, you would have to generate an iOS platform first. With Checkmarx you don't need to do anything — take the source code, scan it and you're good to go. Last but not least, the incremental scanning capabilities are a mission-critical feature for developers. 

Also, the API and integrations are both very flexible.


DK
Vice President at Arisglobal Software Pvt Ltd

The support the solution offers is very good. When we were evaluating tools, they were extremely helpful. They're always available and they always respond back to any queries.

The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database. I am able to be assured that when I am scanning my product those vulnerabilities are identified at very initial stages. It gives my development team more time to react.

MM
CEO at a tech services company with 11-50 employees

The most valuable features are the easy-to-understand interface, and it's very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan.

We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project.

The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.

TD
General Manager at a consultancy with 51-200 employees

The UI is very intuitive and simple to use. You don't need to know anything about the product before you begin working with it.

The interface used to audit issues is also simple to use.

Compared to similar products, the code scanning time is fast.

Le Viet - PeerSpot reviewer
Security Consultant at VNCS

The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results.

YB
AVP, aPaaS Engineer at a financial services firm with 10,001+ employees

The solution has good performance, it is able to compute in 10 to 15 minutes. 

SB
Senior Security Engineer at a pharma/biotech company with 501-1,000 employees

The most valuable feature is the scanning.

The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.

EB
Director and Co-Founder at Ushiro-tec

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time.

EB
Director and Co-Founder at a tech services company with 1-10 employees

It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results.

JB
Principal Software Engineer; Practice Lead at a comms service provider with 10,001+ employees

The consistency of code. Showed our team where they are inconsistent or where they have made simple omissions.

it_user598917 - PeerSpot reviewer
Senior Manager at a financial services firm

Scan reviews can occur during the development lifecycle.

RG
Information Security Architect at a tech services company with 1,001-5,000 employees

The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.

AS
Technical Architect at Photon Interactive

After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them.

it_user607392 - PeerSpot reviewer
Security test engineer at a tech vendor with 10,001+ employees

The solution communicates where to fix the issue for the purpose of less iterations.

it_user547335 - PeerSpot reviewer
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees

Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application. It therefore makes it easier to identify these as well as fix them.

it_user327456 - PeerSpot reviewer
Co-Founder, CTO at a tech services company with 51-200 employees

They're all as valuable as each other.

SD
Business Analyst at a tech services company with 201-500 employees

The most valuable features are:

  • Ease of use
  • Dashboard
  • Interface
  • Report

it_user592359 - PeerSpot reviewer
SRE Vice Group Manager at a tech services company with 10,001+ employees

The solution allows us to create custom rules for code checks. Without custom rules, the system couldn’t find anything serious in the custom code and libraries.

it_user245397 - PeerSpot reviewer
Cyber-Ark Consultant at a tech services company with 51-200 employees

It provides a graphical view of any vulnerabilities.

it_user332898 - PeerSpot reviewer
Full Stack Developer at a tech services company with 51-200 employees

It provides us with code analysis.

KN
Security at a tech services company with 51-200 employees

Apart from software scanning, software composition scanning is valuable.

it_user1286010 - PeerSpot reviewer
Senior Software Engineer at a computer software company with 10,001+ employees

The most valuable feature is the simple user interface.

it_user538254 - PeerSpot reviewer
Assistant Manager Business Development at a tech services company with 501-1,000 employees

Some valuable features of this product are:

  • Very comprehensive scanning
  • Less false positive errors as compared to any other solution
  • Incremental scanning
  • Supports all major languages

it_user692304 - PeerSpot reviewer
Head of the Application Security Unit at a tech company with 51-200 employees

Valuable features include:

  • Both automatic and manual code review (CxQL).
  • The languages covered by the solution.