We performed a comparison between Checkmarx One and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the simple user interface."
"We use the solution to validate the source code and do SAST and security analysis."
"Apart from software scanning, software composition scanning is valuable."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The outputs are very reliable."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"They could work to improve the user interface. Right now, it really is lacking."
"Checkmarx could improve the speed of the scans."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Its user interface could be improved and made more friendly."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"We can run only one project at a time."
"One of the main disadvantages is the time it takes to initiate the first run."
"Using Code Prover on large applications crashes sometimes."
"Automation could be a challenge."
"I'd like the data to be taken from any format."
"The tool has some stability issues."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Checkmarx One is rated 7.6, while Polyspace Code Prover is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Parasoft SOAtest. See our Checkmarx One vs. Polyspace Code Prover report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.