2018-10-04T17:27:00Z

What advice do you have for others considering Checkmarx?

Julia Miller - PeerSpot reviewer
PeerSpot user

43 Answers

NH
Real User
Top 5
Leaderboard
2024-02-09T13:24:06Z
Feb 9, 2024

If someone has too many applications, they can directly integrate Checkmarx into the CI/CD pipeline. We got the license and are running the solution for our customers. We do not charge our customers for the solution. Overall, I rate the product an eight out of ten.

AK
Real User
Top 20
2023-11-01T03:52:00Z
Nov 1, 2023

I rate Checkmarx an eight out of ten.

Syed Rizwan - PeerSpot reviewer
Reseller
Top 5
Leaderboard
2023-06-14T14:46:00Z
Jun 14, 2023

I would rate the product a ten out of ten. The solution is the best tool for developers and organizations.

VT
Real User
Top 20
2023-04-26T08:22:54Z
Apr 26, 2023

I'm a customer and end-user. I would recommend the solution to other users. I'd rate the solution eight out of ten.

Pasindu Wijesinghe - PeerSpot reviewer
Real User
Top 20
2023-03-09T22:03:03Z
Mar 9, 2023

I give the solution a nine out of ten.

AS
Real User
Top 20
2023-02-22T11:11:01Z
Feb 22, 2023

I rate the solution a seven out of ten.

Updated: March 2024.
Rajiv - PeerSpot reviewer
Vendor
Top 10
2023-01-31T12:35:00Z
Jan 31, 2023

My company is in the service business, so it provides services to customers. For example, the customer uses SonarQube, so my company uses the same tool to execute vulnerability assessments. I've worked on Checkmarx, NetSuite, Acunetix, and other application security tools used by customers. My rating for Checkmarx is eight out of ten because it's a good product, and its only con is the cost, which is high for some customers. I recommend Checkmarx to others because of its performance. The tool has better intelligent outcomes, and Checkmarx has better automation internally. My company is a Checkmarx customer.

KannanPadmanabhan - PeerSpot reviewer
Real User
Top 20
2023-01-13T15:09:20Z
Jan 13, 2023

I rate this solution an eight out of ten. I would recommend going for a piloting approach. With Checkmarx, you have different presets and can determine the security vulnerability standard. Also, check the stability before proceeding with the adoption.

Souhardyya Biswas - PeerSpot reviewer
Real User
Top 10
2022-12-01T08:56:00Z
Dec 1, 2022

Right now, we are partners. We have the solution deployed in the cloud and on-premises. It's a hybrid setup. I'd rate the solution seven out of ten. I'd recommend the product to other users.

Marcelo Carrasco - PeerSpot reviewer
Real User
Top 20
2022-10-06T15:42:53Z
Oct 6, 2022

We have two administrators who coordinate maintenance with the vendor. My advice is that you need to estimate the right amount of licenses. That's very important because right now, our company needs more licenses, and that was not well estimated at the beginning. The other thing is to be clear about the features of this tool that you want or need. I would rate this solution as a nine out of ten.

PG
Real User
Top 20
2022-09-10T15:44:18Z
Sep 10, 2022

We would recommend that organizations considering this solution think about the size of the project involved, as this product works best with very small-scale applications. I would rate this solution a seven out of ten.

RB
Real User
2022-07-11T15:43:35Z
Jul 11, 2022

My advice to others is that Checkmarx is good compared to the other tools. However, they are all comparable; it depends on what languages they want to scan. Overall, Checkmarx is a decent solution. It would be a good idea to test other solutions. I rate Checkmarx

ScottDenton - PeerSpot reviewer
Real User
Top 20
2022-07-08T21:55:21Z
Jul 8, 2022

I’d rate the solution eight out of ten based on ease of use, configuration, customer service, and response time. There are other products out there that are provided as a service where they will go, and you push a button, they collect the data, they review the data, yet there's no specific standard license agreement or SLA that says they're supposed to get back to you within a particular moment of time. Everything that Checkmarx does is instantaneous.

Peter Ejiofor - PeerSpot reviewer
Reseller
Top 5
Leaderboard
2022-06-14T16:30:03Z
Jun 14, 2022

I strongly recommend Checkmarx to others. I have sold the solution for nearly eight years, and I'm not aware of any major complaints that the users have that could not be resolved. I rate Checkmarx an eight out of ten. The Checkmarx application is a live wire of technology delivery, and if your application is vulnerable, then the asset that your acquisition will run will also suffer vulnerability. Providing the scanning ability that shows the errors at the source code level is critical to have effective development of any critical application. I would recommend Checkmarx eight because it's very critical and integral to the improvement of technology and cyber security today. It's a critical tool in protecting cyberspace, your asset in cyberspace, and an application that runs nearly all human life today. Everything is driven by technology and application.

San K - PeerSpot reviewer
MSP
Top 5
2022-05-31T06:29:00Z
May 31, 2022

I rate Checkmarx eight out of 10. It's secure, easy to use, and Checkmarx regularly updates their rule sets. I'm happy with the main features of the product, but some of the additional features didn't work for us in the beginning, like scanning at the source code repository level, reporting, etc. There was a lot of back and forth before it started working, so that's why I deducted two points. My advice for future Checkmarx users is to plan the initial deployment well. You will have to choose the right system configuration: CPUs, RAM, disk space, and backup policy. If you plan ahead, you won't have any issues trying to debug or when the size increases.

Le Viet - PeerSpot reviewer
Real User
Top 5
2022-05-29T07:32:12Z
May 29, 2022

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us. I rate Checkmarx an eight out of ten.

JG
Real User
2022-04-29T23:13:01Z
Apr 29, 2022

Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network. I'd rate Checkmarx as seven out of ten.

JD
Real User
Top 20
2022-04-27T08:20:36Z
Apr 27, 2022

I would rate it a seven out of ten. It's not the best tool on the market, but it provides some good capability for what it is.

Evgen Gulak - PeerSpot reviewer
Real User
2022-01-12T16:21:24Z
Jan 12, 2022

The purchase of this solution was a mistake. I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx. I rate Checkmarx a four out of ten.

KN
Real User
2022-02-09T07:45:49Z
Feb 9, 2022

It has been working well. I would rate it a seven out of 10.

YB
Real User
2021-12-20T14:23:00Z
Dec 20, 2021

I rate Checkmarx a nine out of ten.

AN
Real User
2021-10-13T14:14:00Z
Oct 13, 2021

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

EB
Real User
2021-09-15T19:52:24Z
Sep 15, 2021

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

VS
Real User
2021-03-19T17:24:35Z
Mar 19, 2021

I would recommend this solution to others. I rate Checkmarx a six out of ten.

MC
Reseller
2021-03-09T22:51:35Z
Mar 9, 2021

They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them. I would rate Checkmarx an eight out of ten.

ŁR
Reseller
2021-01-27T09:57:18Z
Jan 27, 2021

We're resellers; however, we don't have an exclusive relationship with this company. We're looking at other products we can use and offer to our clients as well. In our company, we do not have the Checkmarx solution running on production. We do have it; however, we only have a learning license, which is non-commercial. On a scale from one to ten, I would rate this product at an eight. Overall, it's been a positive experience so far.

MG
Real User
2021-01-04T18:28:47Z
Jan 4, 2021

Even though we run it manually, it captures most of the things. We decided to go with Checkmarx two years ago, and we are continuing with it. I would rate Checkmarx a seven out of ten. There are a few things that can be improved in this solution.

EK
Reseller
2020-12-24T12:43:00Z
Dec 24, 2020

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. I rate Checkmarx a ten out of ten.

AR
Consultant
2020-12-02T09:30:30Z
Dec 2, 2020

We're a customer. We use the solution in our organization. I'm not sure of which version of the solution we're using. Overall, I'd rate the solution eight out of ten. We've had a pretty positive experience overall.

VY
Real User
2020-09-21T06:33:23Z
Sep 21, 2020

Overall, we are very satisfied with Checkmarx and it is a product that I recommend. I would rate this solution an eight out of ten.

it_user1263726 - PeerSpot reviewer
Real User
2020-09-21T06:33:17Z
Sep 21, 2020

In summary, this is a good application that you can use to scan every code language. You can configure the scan because they provide the Checkmarx query language. These queries are very good and very flexible. It requires a knowledge of this language but you can reach and deal with it using most languages. I would rate this solution an eight out of ten.

TD
Real User
2020-09-13T07:02:21Z
Sep 13, 2020

Checkmarx is probably one of the best static code analyzers available in the market at this point. It is very easy to deploy, use, and maintain. The amount of maintenance required is pretty low. It is absolutely a good tool that I can recommend. Checkmarx has added a lot of functionality since we began using it. This includes OSA, the open-source scan, a training module, and run-time protection. For static code analysis, we are only using Checkmarx and we plan to continue. I would rate this solution a nine out of ten.

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Reseller
Top 5
Leaderboard
2020-09-06T08:04:00Z
Sep 6, 2020

If you wish to purchase Checkmarx, you should scan the same source code with a different product, compare them to their competition, and make a decision. This way, you can see the difference and understand the benefits of Checkmarx. Test and scan some lines of code in any programming language you wish, then do the same with a competitor. Checkmarx will produce far fewer false-positives compared to any other solution on the market. Other solutions will produce roughly 900 false-positives whereas Checkmarx will cut that number in half. I am not trying to sell this product to you, this is simply the reality of it. From the technological side, I would give this solution a rating of ten. From a commercial aspect, because it's relatively expensive, I would give it a rating of eight. Overall, because I must choose one number between one and ten, I will give Checkmarx a rating of ten. Day by day, they are improving this product. For example, one of the most important features missing was open sources, which they have now added. They were also missing code training facilities, but they have added those as well. They have a complimentary product now.

SB
Real User
2020-08-19T07:57:33Z
Aug 19, 2020

I would rate this solution a seven out of ten.

it_user1286010 - PeerSpot reviewer
Real User
2020-07-05T15:50:26Z
Jul 5, 2020

This is a product that I recommend and I would rate it a seven out of ten.

it_user1375824 - PeerSpot reviewer
Real User
2020-07-05T09:38:13Z
Jul 5, 2020

I don't recall the exact version of the solution we are using. I would recommend the solution. I'd rate it eight out of ten.

MM
Real User
Leaderboard
2020-06-18T05:18:35Z
Jun 18, 2020

We are resellers but we are also users of this product when we need to check source code because our main business activity is security assessments, not reselling. We have many customers who have purchased this solution from our company. One of them is Softcell, a Ukrainian company. With our approach, we need to find a way to reduce false positives. We don't have great resources to do this work long-term, and we need quick results. There are some projects that have a lot of false positives but we can reduce them by tuning during the scanning. Some of our customers like the Codebashing model. It's an additional model for learning for security practice for developers. They ask for additional tests to this model and want to receive the functionality to check the knowledge. When you receive your product, you should start with testing and understand how it works according to your environment. This includes the language and what framework to choose because it is not a simple solution. You should understand that you should tune it. The most effective approach is to implement SAST into the SDLC (software development life cycle). You should regularly check your source code, and check your security before every release. For infrastructure, security testing is not enough. There are several applications and static source code security is a must. You should choose Checkmarx SAST for security checks and try to optimize its build management or source code repository. I would rate this solution a nine out of ten.

DK
Real User
2020-06-15T07:34:10Z
Jun 15, 2020

We're just a customer. We don't have a special relationship with the company. I would definitely recommend Checkmarx; I find them much more feature-rich than other tools I've used in the past. I'd rate the solution eight out of ten.

DR
Real User
2019-06-19T05:02:00Z
Jun 19, 2019

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report on vulnerabilities in the user experience. I would rate Checkmarx with an eight on the user side and a five on the admin side. Customers need to work with Checkmarx to scale the system for their needs, i.e. work with their recommendations. The best practices that they have there. They have this formula to calculate how many CPUs and how much memory you need. The memory requirements are huge. We've got 64 GB machines to scan them. That's the low end of what they're recommending. Their processes do a lot of number crunching in memory. For a 4 million line code base, it's just going to consume a lot of time and a lot of resources. We are only using the source code scanner. We're not using the OSS scanner. We use Artifactory for our OSS repository, and Artifactory comes with its own built-in OSS scanner. We didn't need two OSS scanners.

RO
Real User
2019-05-22T07:18:00Z
May 22, 2019

If people are in need of static application security, then I would recommend this product. I would rate this solution an eight out of ten.

MD
Real User
2019-05-16T16:17:00Z
May 16, 2019

My advice to any software development team using a different set of tools is to look at Checkmarx. It's a very good product. It's a great product, in fact. Any organization spending money on a subscription license should not look at it as a cost, rather, it should be seen as an investment. The Checkmarx solution can act as a resource that can help the development team to secure their application delivery. Be it an internal application for their own use, or applications being written for their customers. This solution tells us where, in our code, the "best-fix location" is. To put this into perspective, consider a particular piece of code where there are ten vulnerabilities detected. Perhaps it is an SQL injection vulnerability. This tool gives you specific locations and informs that if you fix the code in certain areas (e.g. in three specific locations) then the subsequent vulnerabilities will automatically be addressed. Therefore, you save on development effort because you do not need to fix all ten vulnerabilities specifically and independently. I would rate this product a nine out of ten.

EB
Real User
2019-04-17T08:37:00Z
Apr 17, 2019

We have a small team. It is about four people in total. We do not require that many staff for the deployment and maintenance of Checkmarx. We are testing the solution in a small local company. Our idea is to expand the use of it to our clients in the West. In this space, you can have different points of view and if only you are looking for a solution to do a check in your auditory report, then you can choose anyone. If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution. I would rate Checkmarx a nine out of ten because of the price, but technically for me, it is a 10. I would rate Checkmarx with a nine because it would be perfect at a more functional level, and could be better at providing these features for parity. If you research what Checkmarx is offering in their package distribution, you get exactly what they promise up front, so they are not lying.

SD
Real User
2018-10-04T17:27:00Z
Oct 4, 2018

Be cautious of the one-year subscription date. Once it expires, your price will go up.

Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and...