We performed a comparison between Checkmarx One and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The solution is scalable, but other solutions are better."
"The solution allows us to create custom rules for code checks."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"It is a stable product."
"The report function is the solution's greatest asset."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"It shows in-depth code of where actual vulnerabilities are."
"The solution is easy to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The solution's technical support was very helpful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Guided Scan option allows us to easily scan and share reports."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Meta data is always needed."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx could improve the REST APIs by including automation."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"We have often encountered scanning errors."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Creating reports is very slow and it is something that should be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The initial setup was complex."
"Not sufficiently compatible with some of our systems."
Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews while Fortify WebInspect is ranked 7th in DevSecOps with 17 reviews. Checkmarx One is rated 7.6, while Fortify WebInspect is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Rapid7 InsightAppSec. See our Checkmarx One vs. Fortify WebInspect report.
See our list of best DevSecOps vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.