Try our new research platform with insights from 80,000+ expert users

Checkmarx One pros and cons

Vendor: Checkmarx

3.8 out of 5

71 reviews
87% willing to recommend

3,522 followers

Pros & Cons summary

Checkmarx One enables pre-compile scanning, allowing early vulnerability detection and integration with various SCM solutions, CICD tools, and repositories. It supports SAST, SCA, and supply chain security, enhancing code security and decreasing false positives. However, it requires expanded language and framework support, improved licensing for Swift, and better SDLC integration. Performance issues like slow scans and high memory usage are concerns alongside the need for manual false positive segregation.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Checkmarx One enables early detection of vulnerabilities before code compilation, allowing for seamless security integration during the development lifecycle.

The platform accurately identifies vulnerabilities, tracks their origins and destinations, and offers actionable insights for remediation.

Checkmarx One supports customizable code check rules and comprehensive reporting that aids in vulnerability management and prioritization.

The integration of multiple SCM solutions and CICD tools enhances scalability and streamlines the scanning process.

Checkmarx One includes features like Static Application Security Testing, Software Composition Analysis, and Supply Chain Security, ensuring robust security coverage across applications.

CONS

Checkmarx One reports many false positives that require manual intervention to mark as "Not exploitable" and needs improvement in reducing these.

The pricing model of Checkmarx One is considered expensive and could be improved to make it more affordable for larger companies.

Checkmarx One struggles with limited support for various programming languages such as C, C++, VB, and T-SQL, and fails to support Swift effectively.

Integration limitations include not supporting certain languages and environments and requiring enhancement to be scalable for enterprise-level usage and integration with third-party software.

Checkmarx One's capabilities for Dynamic Application Security Testing (DAST) and API security features require enhancement to provide more comprehensive security testing options.

Checkmarx One Pros review quotes

DR

Software Configuration Manager at a tech vendor with 501-1,000 employees

Jun 19, 2019

Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.

Read full review

reviewer1523667

Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

Feb 7, 2024

The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes.

Read full review

Senior regional manager at AppDome

Jul 27, 2022

The SAST component was absolutely 100% stable.

Read full review

Free Report: Checkmarx One Reviews and More

Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.

856,873 professionals have used our research since 2012.

MD

Milind Dharmadhikari

Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

May 16, 2019

The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete.

Read full review

CEO at a tech services company with 11-50 employees

Jun 18, 2020

The most valuable features are the easy to understand interface, and it 's very user-friendly.

Read full review

DK

Vice President at Arisglobal Software Pvt Ltd

Jun 15, 2020

The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database.

Read full review

reviewer1711191

Cybersecurity at a transportation company with 1,001-5,000 employees

May 3, 2022

I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy.

Read full review

Cuneyt KALPAKOGLU Phd.

Founder & Chairman at Endpoint-labs Cyber Security R&D

Sep 6, 2020

From my point of view, it is the best product on the market.

Read full review

NH

Naveen Hariharan Vijaya

Security Consultant at IBM Thailand

Feb 9, 2024

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

Read full review

EB

Director and Co-Founder at Ushiro-tec

Apr 17, 2019

The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time.

Read full review

Show 10 more reviews (out of 67)

Checkmarx One Cons review quotes

DR

Software Configuration Manager at a tech vendor with 501-1,000 employees

Jun 19, 2019

Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?

Read full review

reviewer1523667

Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees

Feb 7, 2024

When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped.

Read full review

Senior regional manager at AppDome

Jul 27, 2022

The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement.

Read full review

Free Report: Checkmarx One Reviews and More

Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.

856,873 professionals have used our research since 2012.

MD

Milind Dharmadhikari

Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

May 16, 2019

The reports are good, but they still need to be improved considering what the UI offers.

Read full review

CEO at a tech services company with 11-50 employees

Jun 18, 2020

We have received some feedback from our customers who are receiving a large number of false positives.

Read full review

DK

Vice President at Arisglobal Software Pvt Ltd

Jun 15, 2020

In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now.

Read full review

reviewer1711191

Cybersecurity at a transportation company with 1,001-5,000 employees

May 3, 2022

They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server.

Read full review

Cuneyt KALPAKOGLU Phd.

Founder & Chairman at Endpoint-labs Cyber Security R&D

Sep 6, 2020

Micro-services need to be included in the next release.

Read full review

NH

Naveen Hariharan Vijaya

Security Consultant at IBM Thailand

Feb 9, 2024

We can run only one project at a time.

Read full review

EB

Director and Co-Founder at Ushiro-tec

Apr 17, 2019

With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.

Read full review

Show 10 more reviews (out of 67)

Related questions

171

What is the biggest difference between Veracode and Checkmarx?

49

Checkmarx or Veracode. Which should we choose?

854

What is the Biggest Difference Between Checkmarx and Fortify?

91

What is the biggest difference between Checkmarx and SonarQube?

139

Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode

524

If you had to both encrypt and compress data during transmission, which would you do first and why?

29

When evaluating Application Security, what aspect do you think is the most important to look for?

80

What are the Top 5 cybersecurity trends in 2022?

106

What are the threats associated with using ‘bogus’ cybersecurity tools?

30

We're evaluating Tripwire, what else should we consider?