Checkmarx One Reviews

Cx gives you the ability to push SAST down much lower in the SDLC process. With the use of multiple IDE plugins and the ability to do "incremental" scanning, a scan of your latest code does not bog down your machine as it is offloaded.

It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).

Meta data is always needed. More tutorials/videos for developers to fix their vulnerabilities is nice. Although the API is useful, I would like to see more functionality added.

I've had to restart services/bounce the VM on two rare occasions.

It scales very easy.

Customer Service:

Customer service is good. Engineers have been quick to get back to me regarding issues and custom work that I have performed.

Technical Support:

Technical support is very knowledgeable.

Initial setup couldn't be any easier. Cx has good documentation on environment requirements. As long as you meet those, the installation process takes maybe 30 minutes for an initial setup; perhaps a bit longer if you're adding multiple engines.

An in-house team implemented it.

Everything is negotiable. Checkmarx approached our dealings in good faith and clearly wanted to be around for awhile. It is much more inexpensive than some alternatives.

Before choosing, we also evaluated Fortify, IBM Appscan, Veracode, etc.

It provides us with code analysis.

It helps with vulnerability scanning of codes to prevent vulnerability of our applications.

I've used it for one year.

No issues encountered.

Straight forward. Easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises

It was straightforward, as it has easy to follow steps. 

I worked for an IT security firm and it was quite easy to setup the product for demo purposes virtually and even physically on the client premises.

The license is fairly costly but worth the investment.

They're all as valuable as each other.

We have used this product to verify the dev department's code in order to minimize security holes.

It needs better role management.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

It's very good.

It's very good.

This is the only solution I have used.

Very straightforward.

I implemented it myself.

Licensing is expensive per X amount of lines in the code.

No other options were evaluated.

It provides a graphical view of any vulnerabilities.

I have used it as a consultant.

It could be improved with more reporting of false positives and the understanding of file references.

I've used it for one year.

No issues encountered.

No issues encountered.

One needs to be sure on the number of LOC that will be run and also the size of the code.

8/10.

8/10.

I have used Armorize codesecure.

It's a straightforward deployment, and it learns with time.

I implement it.

We use the solution for dynamic application testing. 

I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side. 

I have been working with the product for seven months. 

I would rate the product's stability a ten out of ten.

I would rate the product's scalability a ten out of ten. My company has 15 users for the produc. 

The solution's technical support is good. 

Positive

The tool's setup is very straightforward and I would rate it a ten out of ten. The product's deployment took one to two months to complete. We required the technical and development team which consisted of four to five people to handle the deployment. 

The solution's price is high and you pay based on the number of users. 

I would rate the product a ten out of ten. The solution is the best tool for developers and organizations. 

We use it for code scanning and security testing for our in-house application development. We are using its latest version.

Apart from software scanning, software composition scanning is valuable.

Its user interface could be improved and made more friendly. 

When we change a window, the session times out, and we have to log in again. It can be improved from this aspect.

I have been using this solution for about one year.

It has been stable during our work.

We don't have so many applications. So, I have no idea about its scalability. It is enough for our work at the moment, and we have not had any problem with its scalability.

In our team, we have about 10 users.

We are just users of this solution. There is another team that interacts with them. They get technical support from the vendor on this. 

In my previous company, I used SonarQube. In my opinion, Checkmarx gives better results, and its protection is better than SonarQube.

Another team takes care of its deployment. We are just users. We just log into the server and use it for scanning.

It has been working well. I would rate it a seven out of 10.

I use the tool for testing purposes. 

The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code.

I can't create a business case with multiple-factor authentication.

I have been working with the product for two years. 

While support handles tickets and resolves specific issues, such as business cases, it can be frustrating waiting for responses. They often take a lot of time to address cases or provide resolutions.

Neutral

Checkmarx One's deployment is easy. When we deployed it for a new client, it took around a month to complete. This involved setting up all parameters and sub-administrators. Additionally, finalizing the project involved several tasks, such as scanning with all security gates.

We can get a return in six months. 

The tool's pricing is fine. 

I rate the overall product an eight out of ten.