We performed a comparison between Checkmarx One and NowSecure based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The most valuable feature for me is the Jenkins Plugin."
"The only thing I like is that Checkmarx does not need to compile."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Checkmarx needs to be more scalable for large enterprise companies."
"Implementing a blackout time for any user or teams: Needs improvement."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"Micro-services need to be included in the next release."
"We have received some feedback from our customers who are receiving a large number of false positives."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
Earn 20 points
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while NowSecure is ranked 32nd in Application Security Testing (AST). Checkmarx One is rated 7.6, while NowSecure is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NowSecure is most compared with Veracode, Data Theorem API Secure , GitLab and Acunetix.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.