We performed a comparison between Checkmarx One and NowSecure based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The only thing I like is that Checkmarx does not need to compile."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The user interface is excellent. It's very user friendly."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"Apart from software scanning, software composition scanning is valuable."
"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"They could work to improve the user interface. Right now, it really is lacking."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"The validation process needs to be sped up."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx could improve the speed of the scans."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"Meta data is always needed."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
Earn 20 points
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while NowSecure is ranked 32nd in Application Security Testing (AST). Checkmarx One is rated 7.6, while NowSecure is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NowSecure is most compared with Veracode, Data Theorem API Secure , GitLab and Acunetix.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.