Executive Summary

Categories and Ranking

CAST Highlight
Ranking in other categories
Software Composition Analysis (SCA) (13th)
Checkmarx One
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

Mindshare comparison

As of June 2024, in the Software Composition Analysis (SCA) category, the mindshare of CAST Highlight is 0.5%, down from 0.8% the previous year. The mindshare of Checkmarx One is 3.5%, down from 10.7% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
Unique Categories:
No other categories found
Application Security Tools
Static Application Security Testing (SAST)

Featured Reviews

Oct 20, 2022
Easy to set up with optimized and automated insights
We get some code insights from CAST. We get insights as to if this or that function has way too many comments or things like that. We would like to backtrace, and understand how dependent that is as per the application. For example, when you are writing code in C Sharp versus writing code in C++, obviously, C++ has more complexities within that. What CAST does is CAST aggregates for different languages, and if they could provide us inputs for each of these languages separately, then that'd be great. When they classify code between their own code and third-party code, they classify it based on the number of files, and not really the number of lines. I'm not sure how extensive of a change this is on their end; however, it would be nice if they could tell us the number of lines of code that are not theirs. There's a bit of a learning curve at the outset. We have come across bugs occasionally. Technical support could be better.
Jul 11, 2022
Useful automation, detailed reports, but scalability could improve
We use Checkmarx as a code analysis tool. We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool. The most valuable features of Checkmarx are the automation and information that it provides in the reports. I am using Checkmarx for…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The most valuable features of CAST Highlight are automation and speed."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The UI is user-friendly."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The administration in Checkmarx is very good."
"It shows in-depth code of where actual vulnerabilities are."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."


"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"I would like to see the DAST solution in the future."
"Meta data is always needed."
"Checkmarx is not good because it has too many false positive issues."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"It is an expensive solution."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."

Pricing and Cost Advice

"CAST Highlight is an expensive solution."
"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."
"Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."
"It is a pretty costly tool. A lot of customers are resistant to using it."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The solution's price is high and you pay based on the number of users."
"It is an expensive solution."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The interface used to create custom rules comes at an additional cost."
"This solution is expensive. The customized package allows you to buy additional users at any time."

Top Industries

By visitors reading reviews
Financial Services Firm
Computer Software Company
Insurance Company
Manufacturing Company
Financial Services Firm
Computer Software Company
Manufacturing Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available

Questions from the Community

What do you like most about CAST Highlight?
The most valuable features of CAST Highlight are automation and speed.
What is your experience regarding pricing and costs for CAST Highlight?
CAST Highlight is an expensive solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight or nine out of ten.
What needs improvement with CAST Highlight?
The ease of configuration and customization could be improved in CAST Highlight.
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.



Sample Customers

Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
