We performed a comparison between Checkmarx One and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The user interface is excellent. It's very user friendly."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Guided Scan option allows us to easily scan and share reports."
"The user interface is ok and it is very simple to use."
"Technical support has been good."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"It is scalable and very easy to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The solution is easy to use."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Updating and debugging of queries is not very convenient."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"We have often encountered scanning errors."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"The scanner could be better."
"One thing I would like to see them introduce is a cloud-based platform."
"The initial setup was complex."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Lately, we've seen more false negatives."
Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews while Fortify WebInspect is ranked 7th in DevSecOps with 17 reviews. Checkmarx One is rated 7.6, while Fortify WebInspect is rated 7.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Rapid7 InsightAppSec.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.