We performed a comparison between Checkmarx and Imperva Bot Management based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It is a stable product."
"Less false positive errors as compared to any other solution."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The most valuable feature for me is the Jenkins Plugin."
"I am impressed with the product's automatic bot mechanism. It also gives us the control to create our own custom bot rules."
"The stability of the product is good since I haven't had any problems with the solution."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"Checkmarx needs to be more scalable for large enterprise companies."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"I would like to see the tool’s pricing improved."
"Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems."
"The tool needs to include artificial intelligence and machine learning. It also needs to improve profiling."
Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Imperva Bot Management is ranked 4th in Bot Management with 2 reviews. Checkmarx is rated 7.6, while Imperva Bot Management is rated 8.0. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Imperva Bot Management writes "A product that offers advanced bot detection capabilities and reporting features". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Imperva Bot Management is most compared with Cequence Security, Akamai Bot Manager, AWS WAF, Cloudflare and DataDome Real-Time Bot Protection.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.