Checkmarx Reviews

Sr. Application Security Manager at a tech services company with 201-500 employees
Real User
Top 5Leaderboard
Sep 27, 2020
Good interface and reporting capability, and it integrates well with other products

What is our primary use case?

I am in charge of application security and Checkmarx is one of the products that I use in this capacity. We use this product for code scanning and static code analysis.

Pros and Cons

  • "The user interface is modern and nice to use."
  • "If it is a very large code base then we have a problem where we cannot scan it."

What other advice do I have?

In summary, this is a good application that you can use to scan every code language. You can configure the scan because they provide the Checkmarx query language. These queries are very good and very flexible. It requires a knowledge of this language but you can reach and deal with it using most languages. I would rate this solution an eight out of ten.

Checkmarx Questions

William Hayes
User at Securities America

I am looking for pros and cons for the Checkmarx vs SonarQube, in particular regarding:

  • false positives

  • tuning Sonarqube to reduce false positives without introducing false negatives. 

I am also wondering if SonarQube could allow developers to delint their code before submitting it to SAST with either Checkmarx or Veracode. 

Donovan GreeffMy opinions are my own and do not represent any other entities that I may be or… more »
Durga GudimetlaSonarQube can be used for SAST. However, based on our internal analysis, our… more »
Swapna RagiSonarQube depends on completely what you configure the Rules. You will have the… more »

We are currently evaluating application security solutions. What is the biggest difference between Veracode and Checkmarx? Which would you recommend? 

Thanks! I appreciate the help. 

Russell RothsteinJaeLee, check out our comparison page here of Veracode vs Checkmarx… more »
Vincent HuCheckmarx can be deploy on private , Veracode only support the Saas Model . But… more »
Volker KoenigsbuescherVeracode is very new in DAST and IAST, Checkmarx is offering that since longer… more »
Julia Frohwein
Content and Social Media Manager
IT Central Station

If you were talking to someone whose organization is considering Codebashing, what would you say?

How would you rate it and why? Any other tips or advice?

Julia Frohwein
Content and Social Media Manager
IT Central Station

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Julia Frohwein
Content and Social Media Manager
IT Central Station

Please share with the community what you think needs improvement with Codebashing.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover
Content Specialist
IT Central Station


We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station

Hi Everyone,

What do you like most about Codebashing?

Thanks for sharing your thoughts with the community!

Almir Menezes
Sales Director at a tech company with 1-10 employees

I have more than 20 years of experience in IT, having worked in technical, commercial and business areas.

I am currently researching Veracode and Checkmarx. What is the total cost of ownership for the two? Are there big differences between them?

Thanks! I appreciate your help. 

Malla Reddy Bakka
User at a tech services company with 10,001+ employees

I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

Elina PetrovnaSonarQube historically was focused on Code Quality and Best Practices. Recently… more »
ManojKumar9The major difference I have seen between Checkmarx and SonarQube is… more »