We performed a comparison between Checkmarx One and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The value you can get out of the speedy production may be worth the price tag."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable feature for me is the Jenkins Plugin."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The UI is very intuitive and simple to use."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The user interface is excellent. It's very user friendly."
"Polyspace Code Prover is a very user-friendly tool."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The product detects memory corruptions."
"The outputs are very reliable."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The solution sometimes reports a false auditable code or false positive."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Meta data is always needed."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The tool has some stability issues."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"Automation could be a challenge."
"Using Code Prover on large applications crashes sometimes."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Checkmarx One is rated 7.6, while Polyspace Code Prover is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork and CodeSonar. See our Checkmarx One vs. Polyspace Code Prover report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.