We performed a comparison between Checkmarx One and Contrast Security Protect based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It shows in-depth code of where actual vulnerabilities are."
"One of the most valuable features is it is flexible."
"It has all the features we need."
"The value you can get out of the speedy production may be worth the price tag."
"Protect provides us with more in-depth visibility into ongoing attacks."
"The solution has excellent real-time capabilities."
"The product gives a few false positives. We get 99 percent true positives."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"I would like to see the tool’s pricing improved."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The integration could improve by including, for example, DevSecOps."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"Contrast Security Protect needs to improve integration."
"There's room for improvement in the initial setup."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Contrast Security Protect is ranked 32nd in Application Security Tools with 3 reviews. Checkmarx One is rated 7.6, while Contrast Security Protect is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Contrast Security Protect writes "It provides us with more in-depth visibility into ongoing attacks". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Contrast Security Protect is most compared with SonarQube, Fortify on Demand, Snyk, Tenable.io Web Application Scanning and Sonatype Lifecycle. See our Checkmarx One vs. Contrast Security Protect report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.