We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Vulnerability details is valuable."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The product has valuable features for static and dynamic testing."
"This solution saves us time due to the low number of false positives detected."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"I like the recording feature."
"There's extensive functionality with custom rules and a custom knowledge base."
"The static scans are good, and the SaaS as well."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"I would like to see the rate of false positives reduced."
"I would like to see the DAST solution in the future."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"We have received some feedback from our customers who are receiving a large number of false positives."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"The reports are good, but they still need to be improved considering what the UI offers."
"The pricing can get a bit expensive, depending on the company's size."
"AppScan is too complicated and should be made more user-friendly."
"The solution could improve by having a mobile version."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"There is room for improvement in the pricing model."
"Sometimes it doesn't work so well."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Acunetix, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our Checkmarx One vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.