We performed a comparison between CAST Highlight and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable feature is the simple user interface."
"The setup is fairly easy. We didn't struggle with the process at all."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The only thing I like is that Checkmarx does not need to compile."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The ease of configuration and customization could be improved in CAST Highlight."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"If it is a very large code base then we have a problem where we cannot scan it."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx could improve by reducing the price."
"They could work to improve the user interface. Right now, it really is lacking."
"Meta data is always needed."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. CAST Highlight is rated 7.8, while Checkmarx One is rated 7.6. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and GitLab, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity. See our CAST Highlight vs. Checkmarx One report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.