We performed a comparison between CAST Highlight and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"Helps us check vulnerabilities in our SAP Fiori application."
"We use the solution to validate the source code and do SAST and security analysis."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The value you can get out of the speedy production may be worth the price tag."
"Apart from software scanning, software composition scanning is valuable."
"The user interface is modern and nice to use."
"It shows in-depth code of where actual vulnerabilities are."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"There's a bit of a learning curve at the outset."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The ease of configuration and customization could be improved in CAST Highlight."
"We have received some feedback from our customers who are receiving a large number of false positives."
"It is an expensive solution."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. CAST Highlight is rated 7.8, while Checkmarx One is rated 7.6. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and GitLab, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity. See our CAST Highlight vs. Checkmarx One report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.