IT Central Station is now PeerSpot: Here's why
Director at a tech services company with 11-50 employees
Reseller
Top 20
Good features, good support, fair price, and good ability to deliver what customers require
Pros and Cons
  • "The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
  • "There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."

What is our primary use case?

We're selling their licenses and their technologies. We have on-premises and cloud deployments. Its deployment depends on the customer requirements.  It is used for a range of requirements for DevSecOps. It has been deployed to ensure that the development cycle delivers clean and secure code that is vulnerability-free. It is there as a part of the whole compliance and security process.

What is most valuable?

The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important. 

What needs improvement?

There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver.

For how long have I used the solution?

I have been using this solution for two years.
Buyer's Guide
Checkmarx
May 2022
Learn what your peers think about Checkmarx. Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
598,116 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Our customers are completely comfortable with the scalability of the technologies. They can deploy them initially in a relatively straightforward manner and then grow them into their organization quite successfully. We primarily have large customers.

How are customer service and support?

Our team works with them. Their sales engineering team as well as their pre-sales capabilities are very good. They're clear. They work, and they're available, which is good. It is somewhat unusual in this business.

How was the initial setup?

It depends on different technologies, but it is reasonably quite straightforward.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive.

What other advice do I have?

They're a very good company to work with, and that's a very important aspect of any technology these days. You could find very nice technologies, but if the company is not good to work with, it could be of no use. You'll not be able to get it deployed, and you'll not get assistance. You will get bad value for good technology. Checkmarx is a nice, pleasant, and relatively easy company to work with. You will get a good return, and you will get a good partnership and relationship working with them. I would rate Checkmarx an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Vice President Of Technology at a computer software company with 5,001-10,000 employees
Real User
Top 5
Good reporting, performance, and coverage for different languages
Pros and Cons
  • "The most valuable feature is the application tracking reporting."
  • "The cost per user is high and should be reduced."

What is our primary use case?

We primarily use Checkmarx for application security and tracking.

What is most valuable?

The most valuable feature is the application tracking reporting.

From the user's perspective, the interface is pretty good. It will point out the exact line of code when an issue is found.

It is good in terms of coverage for different languages.

It is updated automatically so there is less maintenance.

What needs improvement?

The cost per user is high and should be reduced. Five years ago, it was a user-based model, which was significantly better. It would be great if we could distribute the cost equally between projects.

For how long have I used the solution?

I have been working with Checkmarx for about two years.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

It is scalable in terms of being able to run multiple instances for different products. We have approximately 10 users, which is the size of our application security team.

I would like to increase our usage of this product, but it will ultimately depend on the company's strategy.

How are customer service and technical support?

Given the stability of Checmarx, it doesn't require a lot of communication with technical support. That said, we have been in touch with them for non-technical issues and they have a good team with a lot of Russian speakers.

Which solution did I use previously and why did I switch?

Prior to using Checkmarx, I used AppScan but the concept is completely different. With Checkmarx, you are working with source code, whereas as with AppScan, you are working with binaries. You can say that AppScan is more like a dynamic security scan and Checkmarx is more static.

These products are quite different in terms of how you do the testing. Checkmarx is better from both a performance perspective and reporting a lower number of false positives.

How was the initial setup?

We did not have any trouble with the initial setup. Our deployment was done within a couple of hours. The easiest thing to do is create a virtual machine and deploy it.

What about the implementation team?

Our in-house IT staff was responsible for the implementation.

What's my experience with pricing, setup cost, and licensing?

The number of users and coverage for languages will have an impact on the cost of the license. We would like to deploy it for the whole company but it's a question of spending thousands of dollars. Investing $200,000 or $300,000 would be an upper management decision.

The educational component is additional and costs approximately $100 per month for each user. This is too high so we did not agree to the service.

What other advice do I have?

Overall, we are very satisfied with Checkmarx and it is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Checkmarx
May 2022
Learn what your peers think about Checkmarx. Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
598,116 professionals have used our research since 2012.
Solution Manager at a computer software company with 201-500 employees
Reseller
Top 20
Good value with a very good CodeBashing platform and AppSec Awareness
Pros and Cons
  • "The value you can get out of the speedy production may be worth the price tag."
  • "The pricing can get a bit expensive, depending on the company's size."

What is our primary use case?

We're more evaluating the solution rather than using it right now. We're resellers and it's something we'd like to offer to our clients.

What is most valuable?

I am aware of Checkmarx's portfolio, however, we've been playing exclusively with the SAST and with the AppSec Awareness platform, they're Codebashing platform. It's been a very positive experience overall.

The value you can get out of the speedy production may be worth the price tag.

What needs improvement?

The reporting could be better on the product. The need to be much more customizable including being customizable for various roles.

The pricing can get a bit expensive, depending on the company's size.

For how long have I used the solution?

We've been working with this solution for some time. I have personally been working with the product for the last three or four months.

Which solution did I use previously and why did I switch?

We haven't really extensively worked with any other products.

What's my experience with pricing, setup cost, and licensing?

The cost might seem steep, however, it really depends on, first the size and requirements of your company. There are companies for which the speed of developing new features and developing them securely, is more valuable than for other organizations. 

This goes not only for Checkmarx. It goes for any automated desktop security platform in general. I definitely see the cases when the Checkmarx license is a reasonable expense. It just may not be for everyone.

Which other solutions did I evaluate?

We've been looking at SonarQube. We're looking into other options as we don't want exclusively to just offer Checkmarx to potential clients.

We looking for solutions more on the enterprise spectrum. Therefore, I would probably consider products such as Vericode. I would also consider the newer players, such as, for example, GitLab

What other advice do I have?

We're resellers, however, we don't have an exclusive relationship with this company. We're looking at other products we can use and offer to our clients as well.

In our company, we do not have the Checkmarx solution running on production. We do have it, however, we only have a learning license, which is non-commercial.

On a scale from one to ten, I would rate this product at an eight. Overall, it's been a positive experience so far.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Antoine Rime - PeerSpot reviewer
Cyber Security Consultant at a computer software company with 5,001-10,000 employees
Consultant
Top 20
Stable with an easy setup and good visibility
Pros and Cons
  • "The setup is fairly easy. We didn't struggle with the process at all."
  • "They could work to improve the user interface. Right now, it really is lacking."

What is our primary use case?

We primarily use the solution for static analysis.

What is most valuable?

The visibility the solution gives you is great. It really gives you the ability to see what the root issues in the code actually are. 

The setup is fairly easy. We didn't struggle with the process at all.

What needs improvement?

The solution isn't exactly user-friendly. They could make the user experience a bit better in future builds. 

They could work to improve the user interface. Right now, it really is lacking.

For how long have I used the solution?

We've been using this solution for six months. It's been less than a year and not very long just yet.

What do I think about the stability of the solution?

The solution is very stable. There aren't bugs or glitches. The solution doesn't freeze and it's not likely to crash. We find it very reliable.

What do I think about the scalability of the solution?

It's my understanding that the solution is scalable. A company that needs to expand can do so.

We have about 100 people that use it in the company.

How are customer service and technical support?

The technical support is fine. We've always had good experiences. We're satisfied with the level of service we are provided.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution. We've only ever used this product.

How was the initial setup?

The initial setup is easy and straightforward. It's not complex.

We don't have to handle any maintenance. It's my understanding that Checkmarx handles it.

What's my experience with pricing, setup cost, and licensing?

The pricing is rather reasonable. It's not the most expensive on the market.

What other advice do I have?

We're a customer. We use the solution in our organization.

I'm not sure of which version of the solution we're using.

Overall, I'd rate the solution eight out of ten. We've had a pretty positive experience overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of consultory at a non-tech company with 1,001-5,000 employees
Reseller
Top 5
Includes features to easily secure code, multiple language support and excellent customer support
Pros and Cons
  • "The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
  • "I would like to see the DAST solution in the future."

What is our primary use case?

We onboard clients with the solution. We install the product and do the first scan with them. We help developers with security and the best practices with their applications with this solution.

What is most valuable?

The most valued feature comes within the platform called Codebashing, it allows scanning code for security flaws. Our clients are able to learn from these scans and develop more secure code. The solution is easy to configure and user friendly as well. They also have support for a large variety of languages compared to other solutions and the product updates continuously.

What needs improvement?

I would like to see the DAST solution in the future. 

For how long have I used the solution?

We have been using the solution for one year.

What do I think about the stability of the solution?

We had no issues and it has always worked at a top level of performance.

What do I think about the scalability of the solution?

The solution is easy to intergate. It is plug and play and intergrates well with the pipeline and DevSecOps. Our main client is a big company and the solution works well.

How are customer service and technical support?

The support is excellent.

How was the initial setup?

The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.

What was our ROI?

The product saves you money by minimizing the time needed to figure out how to mitigate the problems by using such features such as The Best Fixed Location and the flow charts.

Which other solutions did I evaluate?

We evaluated Veracode before choosing Checkmarx.

What other advice do I have?

Depending on the client, we could deploy the solution on the cloud or on-premise. I would recommend Checkmarx because you can learn from the scanning done. They have some of the best features which make the product wonderful. 

I rate Checkmarx a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head of IT Security Department at a tech services company with 501-1,000 employees
Real User
Top 20
Many false positives and inaccurate information, but scalable
Pros and Cons
  • "The solution is scalable, but other solutions are better."
  • "Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."

What is our primary use case?

We are using Checkmarx for analyzing threats.

We are not using the latest version of Checkmarx because we faced some issues.

What needs improvement?

Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities.

SonarCube functions better in these areas.

For how long have I used the solution?

I have used Checkmarx within the last 24 months.

What do I think about the stability of the solution?

The stability of Checkmarx could improve.

I would rate the stability of Checkmarx a six out of ten.

What do I think about the scalability of the solution?

The solution is scalable, but other solutions are better.

We have 20 developers using this solution. We have a few projects left to use this solution and then we will move to something else next year.

How are customer service and support?

The support could improve, it takes a long time for a response. The service we received was poor.

Which solution did I use previously and why did I switch?

I am using Checkmarx in parallel with SonarQube.

How was the initial setup?

We didn't like how long they took to implement the product. The installation was not intuitive. We were constantly having meetings and installation additional things.

The implementation process should improve.

What about the implementation team?

We were helped by both the local partner and the vendor for the implementation.

We have two developers for the maintenance and support of Checkmarx.

What's my experience with pricing, setup cost, and licensing?

We're using a commercial version of Checkmarx, and we paid for the solution for two years. The price is high and could be reduced.

The local distributor charges two times higher than in other countries.

What other advice do I have?

The purchase of this solution was a mistake.

I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx.

I rate Checkmarx a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Security at a tech services company with 51-200 employees
Real User
Top 5
Gives good results, but can be more user-friendly

What is our primary use case?

We use it for code scanning and security testing for our in-house application development. We are using its latest version.

What is most valuable?

Apart from software scanning, software composition scanning is valuable.

What needs improvement?

Its user interface could be improved and made more friendly. 

When we change a window, the session times out, and we have to log in again. It can be improved from this aspect.

For how long have I used the solution?

I have been using this solution for about one year.

What do I think about the stability of the solution?

It has been stable during our work.

What do I think about the scalability of the solution?

We don't have so many applications. So, I have no idea about its scalability. It is enough for our work at the moment, and we have not had any problem with its scalability.

In our team, we have about 10 users.

How are customer service and support?

We are just users of this solution. There is another team that interacts with them. They get technical support from the vendor on this. 

Which solution did I use previously and why did I switch?

In my previous company, I used SonarQube. In my opinion, Checkmarx gives better results, and its protection is better than SonarQube.

How was the initial setup?

Another team takes care of its deployment. We are just users. We just log into the server and use it for scanning.

What other advice do I have?

It has been working well. I would rate it a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Information Security Architect at a tech services company with 1,001-5,000 employees
Real User
Gives less number of false positives and supports most of the languages, but need to support remaining languages and create a model to identify zero-day attacks

What is our primary use case?

We are using multiple solutions for application security, and Checkmarx is one of them. We are a client-centric organization, and we are also providing support to clients for application security. Sometimes, we have our own production, and then we scan the customer information and provide application security. For a few clients, it is deployed on the cloud, and for a few customers, it is on-premises.

What is most valuable?

The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.

What needs improvement?

They can support the remaining languages that are currently not supported. They can also
create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.

What do I think about the stability of the solution?

It is stable, and it works.

What do I think about the scalability of the solution?

It is scalable. Our clients are small, medium, and big enterprises. It is for all the categories.

How are customer service and technical support?

Their support is good. I had discussions with them multiple times. We are getting proper support.

How was the initial setup?

It is straightforward. It is not a big challenge. It doesn't take long.

What's my experience with pricing, setup cost, and licensing?

I would rate Checkmarx a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Checkmarx Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2022
Buyer's Guide
Download our free Checkmarx Report and get advice and tips from experienced pros sharing their opinions.