What is the biggest difference between Veracode and Checkmarx?

We are currently evaluating application security solutions. What is the biggest difference between Veracode and Checkmarx? Which would you recommend? 

Thanks! I appreciate the help. 

66 Answers

author avatar
Community Manager

JaeLee, check out our comparison page here of Veracode vs Checkmarx: https://www.itcentralstation.com/products/comparisons/checkmarx_vs_veracode

Checkmarx is ranked 4th, while Veracode is ranked 1st with 39 reviews. Checkmarx is rated 8.0, while Veracode is rated 8.2. The top reviewer of Checkmarx writes "Works well with Windows servers but no Linux support and takes too long to scan files". On the other hand, the top reviewer of Veracode writes "Enables us to automatically submit each new build for scanning and get results directly into our JIRA". Checkmarx is most compared with SonarQube, Veracode and Micro Focus Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx and Micro Focus Fortify on Demand.

author avatar
Top 10Vendor

Veracode has offered a dynamic analysis testing solution for several years, having launched our first offering in 2015. Veracode’s DAST product line offers the ideal solution to find all of the sites on your web perimeter, including the ones that you did not know about, and run a comprehensive DAST scan of the websites you are securing. Veracode Dynamic Analysis scans Single Page Apps and apps built with Angular and React Vue.js frameworks. Veracode Dynamic Analysis provides scanning automation to configure, schedule, and kick-off scans using REST APIs. We offer integrations with Jira and Jenkins to help streamline your processes. While we are new entrants into the IAST market, we’re confident that Veracode Interactive Analysis can meet the needs of the market. Veracode’s IAST product installs in the pipeline with a lightweight, multi-language agent that delivers high-quality results. Veracode Interactive Analysis covers multiple languages to simplify CICD tooling and adds only 3% to pipeline timelines.

author avatar
Real User

In order to run correctly, Veracode needs executables compiled with debug, that is not so different from having source code, but configuration files checking will be excluded from the analysis. The quality of detections of CheckMarx is superior, as well as the number of supported programming languages. Further, the Veracode company's stability was recently mined by a further recent acquisition. Between those products I haven't any doubt to choose Checkmarx

author avatar

Veracode is very new in DAST and IAST, Checkmarx is offering that since longer time and is more experienced.

author avatar

Checkmarx can be deploy on private , Veracode only support the Saas Model . But in China I think that is better for Appscan which include black box and white box function . Any question can contact SYSTIME CHINA . (Apple@systime.com.cn)

Find out what your peers are saying about Checkmarx vs. Veracode and other solutions. Updated: January 2021.
464,757 professionals have used our research since 2012.