Checkmarx Benefits

PG
Engineer senior at a hospitality company with 10,001+ employees

This solution helps to remediate the compliance requirements we have. 

The product also increases the quality of the code the developers are able to implement. 

KannanPadmanabhan - PeerSpot reviewer
Senior Software Engineering Manager at a financial services firm with 10,001+ employees

We use it for non-functional insight because it's a security vulnerability scanner. We can use Checkmarx for scanning anytime on our code base. We integrated that as part of our build pipeline, and it helps us detect early. We have piloted it in a few applications for the shift of testing. From a metric perspective, I am unsure how we benefited from the quantifiable data, but we did benefit.

GG
Technical Program Manager at an engineering company with 10,001+ employees

For manual code testing, Checkmarx has been very helpful in discarding false positives, filtering and removing a lot of files that are not presenting any threat, as well as indicating the files or functions that should be focused upon.

Checkmarx acts as the first checkpoint during our consulting for apps that are looking for a security assessment or penetration testing. It is also a game changer, giving the customer results from each finding in the Checkmarx results.

Buyer's Guide
Checkmarx
March 2024
Learn what your peers think about Checkmarx. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
NH
Security Consultant at IBM Thailand

Static code reviews are small projects. Previously, with a team of four analysts, we did two project reviews every month. Since we started using the solution, we could do four projects every week with the same team.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes. When the development teams fix them, or even some of them, it significantly enhances the security of the software. 

For example, we had a project, an outsourced one, that provided code written in PHP and included dozens of open-source utilities, libraries, and the like. Their server-side code was in PHP, and their client-side was in JavaScript. Both sides also used many libraries and utilities.

When we ran Checkmarx, it found numerous problems in both their code and the third-party software, including hundreds of high- and medium-severity issues in the PHP code. I didn't dig into the specifics; I just said, "Look, it found hundreds of high and medium problems. You need to reduce them. Before testing starts, you need to provide us the code again, and we'll run it again."

They started fixing it, and while I didn't follow up on the specific fixes, perhaps they removed some libraries. As long as the number of high and medium problems in the Checkmarx report decreased, it meant they were making progress. They hadn't finished yet, though.

After they fixed about half of the problems, we allowed them to start integration. However, they still need to fix the remaining issues, and hopefully, they will.

JD
Cybersecurity at a transportation company with 1,001-5,000 employees

I use both the static code analysis and the open-source analysis engine. It gives visibility into weaknesses and the software that may be there in the source code and static analysis. It also gives some insights into the open source vulnerabilities that may be there in the codebase.

MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

Checkmarx detected code sections that did not adhere to best practices. After being informed, the programmers were able to rectify some of the issues. Without Checkmarx, it is unlikely we would have identified these issues.

Utilizing the SCA module, I gained valuable insights into the vulnerabilities present in open-source Python libraries that individuals desire to use. As an information security consultant, I advise against employing Python libraries that contain known vulnerabilities. The SCA solution proved to be helpful in this regard.

RB
Senior Engineer at a tech vendor with 10,001+ employees

We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool.

Rahul Mane - PeerSpot reviewer
Head of DevOps at Tpconnects technologies

Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes.

DR
Software Configuration Manager at a tech vendor with 501-1,000 employees

I haven't been monitoring how well our projects have been at reducing vulnerabilities. Checkmarx is one that you have to actively follow, and my position doesn't require that I do that. I set up the tool, and then I let other people use it.

I'm the system administrator of the tool rather than an active user of it. This product has room for improvement in administration.

Adding users is kind of a pain. We need a more automated way of adding users. User administration for the IDs can be improved; they could make it a more automated feature set so that you can add users more quickly and easily.

Most tools that I'm dealing with today have a mechanism where people can self-enroll.

MD
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete.

As an example, an application may contain three hundred thousand lines of code that were written over two or three months. Rather than having to examine the entire product for vulnerabilities, we are able to assess weaknesses and identify vulnerabilities in, say, five hundred or one thousand lines of code. This is really advantageous for us.

RJ
Founder at a tech company with 51-200 employees

The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled. Among other benefits, this reduces the cost to fix the problem(s) as the fix can occur earlier in the SDLC.

RO
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees

Our static operation security has been able to identify more security issues since implementing this solution.

it_user318207 - PeerSpot reviewer
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees

Cx gives you the ability to push SAST down much lower in the SDLC process. With the use of multiple IDE plugins and the ability to do "incremental" scanning, a scan of your latest code does not bog down your machine as it is offloaded.

YD
Sr. Security Engineer at SugarCRM

  • Put the vulnerability details area on the right side of the application, or make it changeable
  • Save and reset screen configuration
it_user683181 - PeerSpot reviewer
Security Source Code Analyst at a tech services company with 10,001+ employees

It is very easy to insert the tool in the SDLC because there are a wide variety of ways to access the source code, initiate scans, and review the results. The projects need not care about getting a tool or accessing the tool, and it is cheaper to use.

it_user618132 - PeerSpot reviewer
SAP FIORI / HCP Consultant at Silveo

This product helps us to deliver good quality software.

it_user531780 - PeerSpot reviewer
Senior Software Security Analyst at a financial services firm with 1,001-5,000 employees

Checkmarx saves us a lot of time. We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code.

SB
Senior Security Engineer at a pharma/biotech company with 501-1,000 employees

Using this product improved the stability of my code that went into production.

EB
Director and Co-Founder at Ushiro-tec

We received two main benefits from Checkmarx:

  1. Better Security
  2. Saving Time

I recommend Checkmarx to be sure that your development has robust security. For your team management, Checkmarx has a very nice feature to check out manual staff in the process.

JB
Principal Software Engineer; Practice Lead at a comms service provider with 10,001+ employees

Code consistency. It prompted our developers to fix code or document code they otherwise would not have done.

it_user598917 - PeerSpot reviewer
Senior Manager at a financial services firm

It moved our organization towards being agile vs. waterfall.

AS
Technical Architect at Photon Interactive

We have scanned various applications with it. It works fine, although we need to check manually for false positive issues. 

it_user607392 - PeerSpot reviewer
Security test engineer at a tech vendor with 10,001+ employees

Now we have information about which specific sections have to be fixed. We can now remove the issue from most of the sections.

it_user547335 - PeerSpot reviewer
Innovation Consultant (Security Analyst) at a tech services company with 1,001-5,000 employees

We have been using this product extensively for a lot of applications, to identify issues as well as to employ proper remediation, which makes the application secure, including informational issues that might get neglected with a manual code review process.

it_user327456 - PeerSpot reviewer
Co-Founder, CTO at a tech services company with 51-200 employees

We have used this product to verify the dev department's code in order to minimize security holes.

SD
Business Analyst at a tech services company with 201-500 employees

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

it_user592359 - PeerSpot reviewer
SRE Vice Group Manager at a tech services company with 10,001+ employees

During the trial period, we tried to build automated security development lifecycles with this product and with other products. We have achieved partial success with this.

it_user245397 - PeerSpot reviewer
Cyber-Ark Consultant at a tech services company with 51-200 employees

I have used it as a consultant.

it_user332898 - PeerSpot reviewer
Full Stack Developer at a tech services company with 51-200 employees

It helps with vulnerability scanning of code to prevent vulnerabilities in our applications.

it_user538254 - PeerSpot reviewer
Assistant Manager Business Development at a tech services company with 501-1,000 employees

As an InfoSec consulting company, we come across major challenging projects. Checkmarx has made life easy, and my team is best at using it. It reduces manual effort in running test cases against any vulnerability found during source code reviews. Apart from the OWASP Top Ten, Checkmarx is quite intelligent in finding the latest vulnerabilities and reporting them.

it_user692304 - PeerSpot reviewer
Head of the Application Security Division at a tech company with 51-200 employees

After a proper onboarding, we can set up proper reports of code vulnerabilities and/or misconfigurations for developers.

Security can be part of the SDLC and reduce the cost of vulnerability remediation. Also, we got faster remediation times for high and critical vulnerabilities.
