We performed a comparison between Checkmarx One and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The most valuable feature is the simple user interface."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The UI is very intuitive and simple to use."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"Every imaginable source in the entire world of information technology can be accessed and used."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Since the solution has both command line and automation options, it generates good reports."
"Automatic testing is the most valuable feature."
"The solution is scalable."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Updating and debugging of queries is not very convenient."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"Checkmarx is not good because it has too many false positive issues."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"Reporting facilities can be better."
"UI testing should be more in-depth."
"The performance could be a bit better."
"From an automation point of view, it should have better clarity and be more user friendly."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The product is very slow to start up, and that is a bit of a problem, actually."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews. Checkmarx One is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork. See our Checkmarx One vs. Parasoft SOAtest report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
