2018-10-04T17:27:00Z

What advice do you have for others considering Checkmarx?


If you were talking to someone whose organization is considering Checkmarx, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
21 Answers

Top 20 Real User

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

2021-09-15T19:52:24Z
Top 20 Real User

I would recommend this solution to others. I rate Checkmarx a six out of ten.

2021-03-19T17:24:35Z
Top 20 Reseller

They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them. I would rate Checkmarx an eight out of ten.

2021-03-09T22:51:35Z
Top 20 Reseller

We're resellers; however, we don't have an exclusive relationship with this company. We're looking at other products we can use and offer to our clients as well. In our company, we do not have the Checkmarx solution running on production. We do have it; however, we only have a learning license, which is non-commercial. On a scale from one to ten, I would rate this product at an eight. Overall, it's been a positive experience so far.

2021-01-27T09:57:18Z
Top 20 Real User

Even though we run it manually, it captures most of the things. We decided to go with Checkmarx two years ago, and we are continuing with it. I would rate Checkmarx a seven out of ten. There are a few things that can be improved in this solution.

2021-01-04T18:28:47Z
Top 5 Leaderboard Reseller

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. I rate Checkmarx a ten out of ten.

2020-12-24T12:43:00Z
Top 10 Consultant

We're a customer. We use the solution in our organization. I'm not sure of which version of the solution we're using. Overall, I'd rate the solution eight out of ten. We've had a pretty positive experience overall.

2020-12-02T09:30:30Z
Top 5 Real User

Overall, we are very satisfied with Checkmarx and it is a product that I recommend. I would rate this solution an eight out of ten.

2020-09-21T06:33:23Z
Top 5 Leaderboard Real User

In summary, this is a good application that you can use to scan every code language. You can configure the scan because they provide the Checkmarx query language. These queries are very good and very flexible. It requires a knowledge of this language but you can reach and deal with it using most languages. I would rate this solution an eight out of ten.

2020-09-21T06:33:17Z
Top 5 Real User

Checkmarx is probably one of the best static code analyzers available in the market at this point. It is very easy to deploy, use, and maintain. The amount of maintenance required is pretty low. It is absolutely a good tool that I can recommend. Checkmarx has added a lot of functionality since we began using it. This includes OSA, the open-source scan, a training module, and run-time protection. For static code analysis, we are only using Checkmarx and we plan to continue. I would rate this solution a nine out of ten.

2020-09-13T07:02:21Z
Top 5 Leaderboard Real User

If you wish to purchase Checkmarx, you should scan the same source code with a different product, compare them to their competition, and make a decision. This way, you can see the difference and understand the benefits of Checkmarx. Test and scan some lines of code in any programming language you wish, then do the same with a competitor. Checkmarx will produce far fewer false-positives compared to any other solution on the market. Other solutions will produce roughly 900 false-positives whereas Checkmarx will cut that number in half. I am not trying to sell this product to you, this is simply the reality of it. From the technological side, I would give this solution a rating of ten. From a commercial aspect, because it's relatively expensive, I would give it a rating of eight. Overall, because I must choose one number between one and ten, I will give Checkmarx a rating of ten. Day by day, they are improving this product. For example, one of the most important features missing was open sources, which they have now added. They were also missing code training facilities, but they have added those as well. They have a complimentary product now.

2020-09-06T08:04:00Z
Top 10 Real User

I would rate this solution a seven out of ten.

2020-08-19T07:57:33Z
Top 20 Consultant

This is a product that I recommend and I would rate it a seven out of ten.

2020-07-05T15:50:26Z
Top 20 Real User

I don't recall the exact version of the solution we are using. I would recommend the solution. I'd rate it eight out of ten.

2020-07-05T09:38:13Z
Top 10 Leaderboard Reseller

We are resellers but we are also users of this product when we need to check source code because our main business activity is security assessments, not reselling. We have many customers who have purchased this solution from our company. One of them is Softcell, a Ukrainian company. With our approach, we need to find a way to reduce false positives. We don't have great resources to do this work long-term, and we need quick results. There are some projects that have a lot of false positives but we can reduce them by tuning during the scanning. Some of our customers like the Codebashing model. It's an additional model for learning for security practice for developers. They ask for additional tests to this model and want to receive the functionality to check the knowledge. When you receive your product, you should start with testing and understand how it works according to your environment. This includes the language and what framework to choose because it is not a simple solution. You should understand that you should tune it. The most effective approach is to implement SAST into the SDLC (software development life cycle). You should regularly check your source code, and check your security before every release. For infrastructure, security testing is not enough. There are several applications and static source code security is a must. You should choose Checkmarx SAST for security checks and try to optimize its build management or source code repository. I would rate this solution a nine out of ten.

2020-06-18T05:18:35Z
Top 20 Real User

We're just a customer. We don't have a special relationship with the company. I would definitely recommend Checkmarx; I find them much more feature-rich than other tools I've used in the past. I'd rate the solution eight out of ten.

2020-06-15T07:34:10Z
Real User

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report on vulnerabilities in the user experience. I would rate Checkmarx with an eight on the user side and a five on the admin side. Customers need to work with Checkmarx to scale the system for their needs, i.e. work with their recommendations. The best practices that they have there. They have this formula to calculate how many CPUs and how much memory you need. The memory requirements are huge. We've got 64 GB machines to scan them. That's the low end of what they're recommending. Their processes do a lot of number crunching in memory. For a 4 million line code base, it's just going to consume a lot of time and a lot of resources. We are only using the source code scanner. We're not using the OSS scanner. We use Artifactory for our OSS repository, and Artifactory comes with its own built-in OSS scanner. We didn't need two OSS scanners.

2019-06-19T05:02:00Z
Real User

If people are in need of static application security, then I would recommend this product. I would rate this solution an eight out of ten.

2019-05-22T07:18:00Z
Real User

My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any organization spending money on a subscription license should not look at it as a cost, rather, it should be seen as an investment. The Checkmarx solution can act as a resource that can help the development team to secure their application delivery. Be it an internal application for their own use, or applications being written for their customers. This solution tells us where, in our code, the "best-fix location" is. To put this into perspective, consider a particular piece of code where there are ten vulnerabilities detected. Perhaps it is an SQL injection vulnerability. This tool gives you specific locations and informs that if you fix the code in certain areas (e.g. in three specific locations) then the subsequent vulnerabilities will automatically be addressed. Therefore, you save on development effort because you do not need to fix all ten vulnerabilities specifically and independently. I would rate this product a nine out of ten.

2019-05-16T16:17:00Z
Real User

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are testing the solution in a small local company. Our idea is to expand the use of it to our clients in the West. In this space, you can have different points of view and if only you are looking for a solution to do a check in your auditory report, then you can choose anyone. If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution. I would rate Checkmarx a nine out of ten because of the price, but technically for me, it is a 10. I would rate Checkmarx with a nine because it would be perfect at a more functional level, and could be better at providing these features for parity. If you research what Checkmarx is offering in their package distribution, you get exactly what they promise up front, so they are not lying.

2019-04-17T08:37:00Z
Real User

Be cautious of the one-year subscription date. Once it expires, your price will go up.

2018-10-04T17:27:00Z
Updated: October 2021.