It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results.
Director and Co-Founder at a tech services company with 1-10 employees
Fits our requirements, scales easily, and is easy to use
Pros and Cons
- "It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
- "Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
What is most valuable?
What needs improvement?
Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.
For how long have I used the solution?
I have been using this solution for a couple of years.
What do I think about the stability of the solution?
It is pretty stable.
Buyer's Guide
Checkmarx One
March 2026
Learn what your peers think about Checkmarx One. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,376 professionals have used our research since 2012.
What do I think about the scalability of the solution?
It has the capability to scale very easily. It is not a problem.
How are customer service and support?
Their support is good. It has a good webpage with a lot of details.
How was the initial setup?
It is very easy to set up. It takes a couple of days. It is not an issue.
What's my experience with pricing, setup cost, and licensing?
It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing.
What other advice do I have?
I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Procurement Analyst at a pharma/biotech company with 10,001+ employees
Flexible features, stable, but more supported languages needed
Pros and Cons
- "One of the most valuable features is it is flexible."
- "The scalability of the solution is good."
- "The integration could improve by including, for example, DevSecOps."
What is our primary use case?
We use the solution for scanning the code for security.
What is most valuable?
One of the most valuable features is it is flexible.
What needs improvement?
The integration could improve by including, for example, DevSecOps.
In an upcoming release, they could improve by adding support for more languages.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
I have found the solution to be stable.
What do I think about the scalability of the solution?
The scalability of the solution is good. We have approximately 4000 using the solution in my organization and they are mostly engineers.
How are customer service and technical support?
The technical support we have experienced was good, but they could be faster.
What other advice do I have?
I would recommend this solution to others.
I rate Checkmarx a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director at a tech services company with 11-50 employees
Good features, good support, fair price, and good ability to deliver what customers require
Pros and Cons
- "The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
- "Checkmarx is a nice, pleasant, and relatively easy company to work with."
- "There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
What is our primary use case?
We're selling their licenses and their technologies. We have on-premises and cloud deployments. Its deployment depends on the customer requirements.
It is used for a range of requirements for DevSecOps. It has been deployed to ensure that the development cycle delivers clean and secure code that is vulnerability-free. It is there as a part of the whole compliance and security process.
What is most valuable?
The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.
What needs improvement?
There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the scalability of the solution?
Our customers are completely comfortable with the scalability of the technologies. They can deploy them initially in a relatively straightforward manner and then grow them into their organization quite successfully. We primarily have large customers.
How are customer service and technical support?
Our team works with them. Their sales engineering team as well as their pre-sales capabilities are very good. They're clear. They work, and they're available, which is good. It is somewhat unusual in this business.
How was the initial setup?
It depends on different technologies, but it is reasonably quite straightforward.
What's my experience with pricing, setup cost, and licensing?
Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive.
What other advice do I have?
They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them.
I would rate Checkmarx an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Principal Security Architect at Nagarro
Gives fewer false positives and supports most of the languages, but needs to support remaining languages and create a model to identify zero-day attacks
Pros and Cons
- "The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
- "They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
- "They can support the remaining languages that are currently not supported."
What is our primary use case?
We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.
What is most valuable?
The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.
What needs improvement?
They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.
What do I think about the stability of the solution?
It is stable, and it works.
What do I think about the scalability of the solution?
It is scalable. Our clients are small, medium, and big enterprises. It is for all the categories.
How are customer service and technical support?
Their support is good. I had discussions with them multiple times. We are getting proper support.
How was the initial setup?
It is straightforward. It is not a big challenge. It doesn't take long.
What's my experience with pricing, setup cost, and licensing?
I would rate Checkmarx a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Solution Manager at a computer software company with 201-500 employees
Good value with a very good CodeBashing platform and AppSec Awareness
Pros and Cons
- "The value you can get out of the speedy production may be worth the price tag."
- "It's been a very positive experience overall."
- "The pricing can get a bit expensive, depending on the company's size."
What is our primary use case?
We're more evaluating the solution rather than using it right now. We're resellers and it's something we'd like to offer to our clients.
What is most valuable?
I am aware of Checkmarx's portfolio; however, we've been playing exclusively with the SAST and with the AppSec Awareness platform, their Codebashing platform. It's been a very positive experience overall.
The value you can get out of the speedy production may be worth the price tag.
What needs improvement?
The reporting could be better on the product. They need to be much more customizable, including being customizable for various roles.
The pricing can get a bit expensive, depending on the company's size.
For how long have I used the solution?
We've been working with this solution for some time. I have personally been working with the product for the last three or four months.
Which solution did I use previously and why did I switch?
We haven't really extensively worked with any other products.
What's my experience with pricing, setup cost, and licensing?
The cost might seem steep, however, it really depends on, first the size and requirements of your company. There are companies for which the speed of developing new features and developing them securely, is more valuable than for other organizations.
This goes not only for Checkmarx. It goes for any automated desktop security platform in general. I definitely see the cases when the Checkmarx license is a reasonable expense. It just may not be for everyone.
Which other solutions did I evaluate?
We've been looking at SonarQube. We're looking into other options as we don't want exclusively to just offer Checkmarx to potential clients.
We're looking for solutions more on the enterprise spectrum. Therefore, I would probably consider products such as Veracode. I would also consider the newer players, such as, for example, GitLab.
What other advice do I have?
We're resellers, however, we don't have an exclusive relationship with this company. We're looking at other products we can use and offer to our clients as well.
In our company, we do not have the Checkmarx solution running on production. We do have it, however, we only have a learning license, which is non-commercial.
On a scale from one to ten, I would rate this product at an eight. Overall, it's been a positive experience so far.
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Senior Manager at a manufacturing company with 10,001+ employees
A stable solution for identifying security vulnerabilities but needs functionalities for identifying the run-time null values and doing static and dynamic code validation
Pros and Cons
- "The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
- "We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
- "The accessibility for customized Checkmarx rules is currently limited and should be improved."
What is our primary use case?
We use Checkmarx for security vulnerability identification. We are using its latest version. We have a license to upgrade to the latest version. Whenever there is a new version, we update it to the latest version.
What is most valuable?
The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking.
What needs improvement?
We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code.
The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
Its stability is okay.
How are customer service and technical support?
We don't directly deal with the Checkmarx technical team. There is a support group available for that, and they work with the Checkmarx team. When we have any issues, we directly call our internal team, and they call the Checkmarx team. They get back to us pretty quickly. The response is very quick. There is no problem.
How was the initial setup?
The initial setup was easy. Our project was quite big, and it took a bit longer. It took almost six hours. We could not do it as CI/CD pipeline because the pipeline expects a response in a short span of time, which was a challenge for us. We are now doing the Checkmarx review manually. We first run the code analysis, and, after the code analysis is over, we go for the pipeline. This is an overhead for us.
It would be helpful if they can improve the speed of the analysis rate. We also need to find out from our side if there is a way to increase the wait time of the CI/CD pipeline and modify the timeout limit. It would then take 30 minutes to one hour rather than five or six hours. We should be able to adjust the timeout time, change the CI/CD settings, and go ahead with the integrated process. Currently, we cannot have an integrated system, and we also have to move from one script to the next script manually.
What other advice do I have?
Even though we run it manually, it captures most of the things. We decided to go with Checkmarx two years ago, and we are continuing with it.
I would rate Checkmarx a seven out of ten. There are a few things that can be improved in this solution.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director of consultory at a non-tech company with 1,001-5,000 employees
Includes features to easily secure code, multiple language support and excellent customer support
Pros and Cons
- "The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
- "They have some of the best features which make the product wonderful."
- "I would like to see the DAST solution in the future."
What is our primary use case?
We onboard clients with the solution. We install the product and do the first scan with them. We help developers with security and the best practices with their applications with this solution.
What is most valuable?
The most valued feature comes within the platform called Codebashing, it allows scanning code for security flaws. Our clients are able to learn from these scans and develop more secure code. The solution is easy to configure and user friendly as well. They also have support for a large variety of languages compared to other solutions and the product updates continuously.
What needs improvement?
I would like to see the DAST solution in the future.
For how long have I used the solution?
We have been using the solution for one year.
What do I think about the stability of the solution?
We had no issues and it has always worked at a top level of performance.
What do I think about the scalability of the solution?
The solution is easy to integrate. It is plug and play and integrates well with the pipeline and DevSecOps. Our main client is a big company and the solution works well.
How are customer service and technical support?
The support is excellent.
How was the initial setup?
The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.
What was our ROI?
The product saves you money by minimizing the time needed to figure out how to mitigate the problems by using features such as The Best Fixed Location and the flow charts.
Which other solutions did I evaluate?
We evaluated Veracode before choosing Checkmarx.
What other advice do I have?
Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful.
I rate Checkmarx a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Cyber Security Consultant at a computer software company with 5,001-10,000 employees
Stable with an easy setup and good visibility
Pros and Cons
- "The setup is fairly easy. We didn't struggle with the process at all."
- "The visibility the solution gives you is great; it really gives you the ability to see what the root issues in the code actually are."
- "They could work to improve the user interface. Right now, it really is lacking."
What is our primary use case?
We primarily use the solution for static analysis.
What is most valuable?
The visibility the solution gives you is great. It really gives you the ability to see what the root issues in the code actually are.
The setup is fairly easy. We didn't struggle with the process at all.
What needs improvement?
The solution isn't exactly user-friendly. They could make the user experience a bit better in future builds.
They could work to improve the user interface. Right now, it really is lacking.
For how long have I used the solution?
We've been using this solution for six months. It's been less than a year and not very long just yet.
What do I think about the stability of the solution?
The solution is very stable. There aren't bugs or glitches. The solution doesn't freeze and it's not likely to crash. We find it very reliable.
What do I think about the scalability of the solution?
It's my understanding that the solution is scalable. A company that needs to expand can do so.
We have about 100 people that use it in the company.
How are customer service and technical support?
The technical support is fine. We've always had good experiences. We're satisfied with the level of service we are provided.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution. We've only ever used this product.
How was the initial setup?
The initial setup is easy and straightforward. It's not complex.
We don't have to handle any maintenance. It's my understanding that Checkmarx handles it.
What's my experience with pricing, setup cost, and licensing?
The pricing is rather reasonable. It's not the most expensive on the market.
What other advice do I have?
We're a customer. We use the solution in our organization.
I'm not sure of which version of the solution we're using.
Overall, I'd rate the solution eight out of ten. We've had a pretty positive experience overall.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.