Senior Cybersecurity Solution Architect at a computer software company with 51-200 employees
Real User
Top 20
Integrates well with other security solutions
Pros and Cons
  • "It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
  • "I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."

What is our primary use case?

Checkmarx is used only for static application security testing (SAST), and it can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.

What needs improvement?

I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features. So most of my customers would love to have consolidated vendors who cover all application security to lower operational overhead.

For how long have I used the solution?

I'm a solution architect, not an end-user. I'm selling Checkmarx. This is the first year I've done business with Checkmarx. In the past five years, I worked a lot with Fortify and Micro Focus. I currently have two customers running Checkmarx, and one more is evaluating the product.

How was the initial setup?

Setting up Checkmarx should be relatively straightforward. It takes a little more time for the DevOps team to enable everything, but overall deployment should take less than a week, including preparation and implementation. 
Buyer's Guide
Checkmarx
June 2022
Learn what your peers think about Checkmarx. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
609,272 professionals have used our research since 2012.

What's my experience with pricing, setup cost, and licensing?

Most of my customers opted for a perpetual license. They prefer to pay the highest amount upfront for the perpetual license and then pay for additional support annually.

What other advice do I have?

I rate Checkmarx eight out of 10. Until I get more extensive feedback from clients, I would rate it an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Lead of Developers at a government with 10,001+ employees
Real User
Intuitive, with good dashboards and metrics but needs more third-party integration

What is our primary use case?

We mainly use Checkmarx for accreditation, checking for vulnerabilities, and identifying areas in the code to fix some of the NIST 800 security controls.

What is most valuable?

The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for. It's also pretty intuitive and has a lot of good dashboards and metrics.

What needs improvement?

Checkmarx could be improved with more integration with third-party software.

For how long have I used the solution?

I've been using Checkmarx for about six months.

What do I think about the stability of the solution?

We've had no issues with Checkmarx's stability.

What do I think about the scalability of the solution?

I thought Checkmarx was pretty scalable.

How are customer service and support?

My experience with Checkmarx's technical support has been very positive.

How would you rate customer service and support?

Positive

How was the initial setup?

I found the setup pretty straightforward, though it took several days because the system engineers had to go through some different configuration settings to get it done.

What about the implementation team?

We worked with Checkmarx when we ran into issues, and they were pretty responsive.

What other advice do I have?

Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network. I'd rate Checkmarx as seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Samuel Baguma - PeerSpot reviewer
Senior Security Engineer at a pharma/biotech company with 501-1,000 employees
Real User
Top 20
Detailed reporting assists in repairing problems, but there are a lot of false positives
Pros and Cons
  • "The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
  • "You can't use it in the continuous delivery pipeline because the scanning takes too much time."

What is our primary use case?

When I had an issue that was causing trouble in my code, I would upload it to Checkmarx to perform static code analysis. I would then study the reports.

How has it helped my organization?

Using this product improved the stability of my code that went into production.

What is most valuable?

The most valuable feature is the scanning.

The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.

What needs improvement?

You can't use it in the continuous delivery pipeline because the scanning takes too much time. Better integration with the CD pipeline would be helpful.

It reports a lot of false positives so you have to discriminate and take ones that are rated at either a one or a two. The lower-rated problems need to be discarded.

For how long have I used the solution?

I used Checkmarx for about six months at my previous place of employment. I stopped using it about six months ago.

What do I think about the scalability of the solution?

We had perhaps 100 users at my previous job.

How are customer service and technical support?

I was not in contact with technical support.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Le Viet - PeerSpot reviewer
Security Consultant at VNCS
Real User
Top 5
Minimal configuration, simple setup, and useful user interface

What is our primary use case?

Checkmarx is used for application security. We can detect the stability and other details on how to fix issues.

What is most valuable?

The most valuable feature of Checkmarx is the user interface; it is very easy to use. We do not need to configure anything; we only have to scan to see the results.

What needs improvement?

Checkmarx could improve the speed of the scans.

For how long have I used the solution?

I have been using Checkmarx for approximately half a year.

What do I think about the scalability of the solution?

We have five people in our company who use Checkmarx, and we do not plan to increase usage.

How are customer service and support?

I have used the support from Checkmarx.

Which solution did I use previously and why did I switch?

I have not used another before Checkmarx.

How was the initial setup?

The initial setup of Checkmarx was very easy. The process took approximately one hour. We only need to provide information.

What about the implementation team?

We have five people that are supporting Checkmarx in our company.

What other advice do I have?

This solution is one of the easiest solutions I have used. We have professional services set it up for us but the scans are not enough for us.

I rate Checkmarx an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP, aPaaS Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
Reasonably priced, high performance, and simple installation

What is our primary use case?

We are using Checkmarx for application code scanning, such as scanning for different leverages in the application code.

What is most valuable?

The solution has good performance; it is able to compute in 10 to 15 minutes.

What needs improvement?

Checkmarx could improve the REST APIs by including automation.

For how long have I used the solution?

I have been using Checkmarx for approximately one year.

What do I think about the stability of the solution?

Checkmarx is stable.

What do I think about the scalability of the solution?

The scalability of Checkmarx is good; we can onboard easily.

We have approximately 200 people in my organization using this solution.

How are customer service and support?

I have not contacted technical support. We have not required it.

Which solution did I use previously and why did I switch?

I have used SonarQube previously.

How was the initial setup?

The installation is straightforward and takes approximately 40 minutes.

What about the implementation team?

I am able to do the implementation myself.

We have administrators and engineers that support and maintain the solution.

What's my experience with pricing, setup cost, and licensing?

We have purchased an annual license to use this solution. The price is reasonable.

What other advice do I have?

I rate Checkmarx a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director and Co-Founder at a tech services company with 11-50 employees
Real User
Fits our requirements, scales easily, and is easy to use
Pros and Cons
  • "It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
  • "Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."

What is most valuable?

It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results.

What needs improvement?

Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.

For how long have I used the solution?

I have been using this solution for a couple of years.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

It has the capability to scale very easily. It is not a problem.

How are customer service and technical support?

Their support is good. It has a good webpage with a lot of details.

How was the initial setup?

It is very easy to set up. It takes a couple of days. It is not an issue.

What's my experience with pricing, setup cost, and licensing?

It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing. 

What other advice do I have?

I would absolutely recommend this solution. I would rate Checkmarx a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Procurement Analyst at a pharma/biotech company with 10,001+ employees
Real User
Flexible features, stable, but more supported languages needed

What is our primary use case?

We use the solution for scanning the code for security.

What is most valuable?

One of the most valuable features is it is flexible. 

What needs improvement?

The integration could improve by including, for example, DevSecOps.

In an upcoming release, they could improve by adding support for more languages.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

I have found the solution to be stable.

What do I think about the scalability of the solution?

The scalability of the solution is good. We have approximately 4000 using the solution in my organization and they are mostly engineers.

How are customer service and technical support?

The technical support we have experienced was good, but they could be faster.

What other advice do I have?

I would recommend this solution to others.

I rate Checkmarx a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Software Engineer at a computer software company with 10,001+ employees
Consultant
Simple to use interface, but it needs to have support for more languages

What is our primary use case?

We use Checkmarx for scanning our source code.

What is most valuable?

The most valuable feature is the simple user interface.

What needs improvement?

I would like to see the rate of false positives reduced.

Checkmarx needs support for more languages, including COBOL.

What do I think about the stability of the solution?

The stability is fine.

How are customer service and technical support?

I have not been in contact with technical support.

What other advice do I have?

This is a product that I recommend and I would rate it a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.