• Home
  • Checkmarx One vs. NGINX App Protect

Checkmarx One vs NGINX App Protect comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
0 views|39 comparisons
86% willing to recommend
F5 Logo
NGINX App Protect
Read 19 NGINX App Protect reviews
432 views|331 comparisons
94% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
API Security
May 2024
Executive Summary

We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.

Find out what your peers are saying about Noname Security, Salt Security, Checkmarx and others in API Security.
To learn more, read our detailed API Security Report (Updated: May 2024).
Download the complete report
771,212 professionals have used our research since 2012.
Featured Review
Anonymous User
Useful automation , detailed reports, but scalability could improve
We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool.
Ntwrkengine0887
Flexible and high availability
NGINX App Protect has improved the flexibility of services in our company and distributed new escalation applications. The downtime in our network... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.""We use the solution to validate the source code and do SAST and security analysis.""The most valuable feature is the application tracking reporting.""I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy.""We use the solution for dynamic application testing.""The value you can get out of the speedy production may be worth the price tag.""The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking.""The solution has good performance, it is able to compute in 10 to 15 minutes."

More Checkmarx One Pros →

"The most valuable feature of NGINX App Protect is the reverse proxy.""The most valuable feature of NGINX App Protect is its flexibility.""WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall.""It is a very good tool for load balancing.""I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes.""It is a stable solution.""It has the best documentation features.""The most valuable feature is that I can establish different services from the firewall."

More NGINX App Protect Pros →

Cons
"Implementing a blackout time for any user or teams: Needs improvement.""The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform.""With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.""I would like to see the DAST solution in the future.""Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve.""The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.""Integration into the SDLC (i.e. support for last version of SonarQube) could be added.""We have received some feedback from our customers who are receiving a large number of false positives."

More Checkmarx One Cons →

"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks.""NGINX App Protect could improve security.""The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required.""The integration of NGINX App Protect could improve.""Its technical support could be better.""Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment.""As far as scalability, it takes a long time for deployment.""The dashboard could provide a more comprehensive view of the status of the connections."

More NGINX App Protect Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."
  • "Our licensing costs are about $40,000 a year."
  • "Really understand the licensing model, because we underestimated that."
  • "There are no additional fees."
  • "NGINX is not expensive."
  • "The pricing is reasonable because NGINX operates on an instance basis."
  • "There is a license needed to use NGINX App Protect."
  • "There are not any additional costs we had to pay to use NGINX App Protect."

    • More NGINX App Protect Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which API Security solutions are best for your needs.
    See Recommendations
    771,212 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    What do you like most about NGINX App Protect?
    Top Answer:It's very easy to deploy.
    Read all 14 answers   →
    What is your experience regarding pricing and costs for NGINX App Protect?
    Top Answer:The solution has yearly, three-year, and five-year subscriptions.
    Read all 12 answers   →
    What needs improvement with NGINX App Protect?
    Top Answer:NGINX App Protect could provide a better user interface.
    Read all 14 answers   →
    Ranking
    3rd
    out of 22 in API Security
    Views
    0
    Comparisons
    39
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    4th
    out of 22 in API Security
    Views
    432
    Comparisons
    331
    Reviews
    9
    Average Words per Review
    334
    Rating
    8.7
    Comparisons
    Also Known As
    NGINX WAF, NGINX Web Application Firewall
    Learn More
    Checkmarx
    F5
    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

    • Integrating security controls directly into the development automation pipeline
    • Applying and managing security for modern and distributed application environments such as containers and microservices
    • Providing the right level of security controls without impacting release and go-to-market velocity
    • Complying with security and regulatory requirements

    NGINX App Protect offers:

    • Expanded security beyond basic signatures to ensure adequate controls
    • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
    • Confidently run in “blocking” mode in production with proven F5 expertise
    • High‑confidence signatures for extremely low false positives
    • Increases visibility, integrating with third‑party analytics solutions
    • Integrates security and WAF natively into the CI/CD pipeline
    • Deploys as a lightweight software package that is agnostic of underlying infrastructure
    • Facilitates declarative policies for “security as code” and integration with DevOps tools
    • Decreases developer burden and provides feedback loop for quick security remediation
    • Accelerates time to market and reduces costs with DevSecOps‑automated security
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Information Not Available
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Financial Services Firm33%
    Comms Service Provider33%
    Insurance Company17%
    Computer Software Company17%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm11%
    Comms Service Provider8%
    Healthcare Company7%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business26%
    Midsize Enterprise26%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise15%
    Large Enterprise60%
    Buyer's Guide
    API Security
    May 2024
    Download Free Report
    Find out what your peers are saying about Noname Security, Salt Security, Checkmarx and others in API Security. Updated: May 2024.
    DOWNLOAD NOW
    771,212 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in API Security with 67 reviews while NGINX App Protect is ranked 4th in API Security with 19 reviews. Checkmarx One is rated 7.6, while NGINX App Protect is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NGINX App Protect is most compared with AWS WAF, Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb and Cloudflare Web Application Firewall.

    See our list of best API Security vendors.

    We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.