We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"Scan reviews can occur during the development lifecycle."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"We use the solution for dynamic application testing."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Compared to other tools only AppScan supports special language."
"This is a stable solution."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It provides a better integration for our ecosystem."
"The static scans are good, and the SaaS as well."
"The UI was very intuitive."
"It was easy to set up."
"The solution is easy to use."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The solution sometimes reports a false auditable code or false positive."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"AppScan is too complicated and should be made more user-friendly."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The product has some technical limitations."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Many silly false positives are produced."
"Scans become slow on large websites."
"The solution could improve by having a mobile version."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Acunetix, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify on Demand. See our Checkmarx One vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.