CAST Highlight vs Checkmarx One comparison

You must select at least 2 products to compare!
444 views|322 comparisons
100% willing to recommend
Checkmarx Logo
34,421 views|22,385 comparisons
86% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CAST Highlight and Checkmarx One based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed CAST Highlight vs. Checkmarx One Report (Updated: September 2022).
771,212 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"CAST Highlight is easy to use and has a good dashboard.""The most valuable features of CAST Highlight are automation and speed.""It offers good performance.""The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages.""The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."

More CAST Highlight Pros →

"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.""The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes.""The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.""The setup is fairly easy. We didn't struggle with the process at all.""The UI is user-friendly.""The report function is the solution's greatest asset.""The most valuable features are the easy to understand interface, and it 's very user-friendly.""The only thing I like is that Checkmarx does not need to compile."

More Checkmarx One Pros →

"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user.""There's a bit of a learning curve at the outset.""Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time.""The ease of configuration and customization could be improved in CAST Highlight.""CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."

More CAST Highlight Cons →

"The plugins for the development environment have room for improvements such as for Android Studio and X code.""Checkmarx is not good because it has too many false positive issues.""Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”.""It is an expensive solution.""Checkmarx could improve the REST APIs by including automation.""Checkmarx could improve the speed of the scans.""Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?""Updating and debugging of queries is not very convenient."

More Checkmarx One Cons →

Pricing and Cost Advice
  • "CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."
  • "It is a pretty costly tool. A lot of customers are resistant to using it."
  • "Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."
  • "CAST Highlight is an expensive solution."
  • More CAST Highlight Pricing and Cost Advice →

  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
  • More Checkmarx One Pricing and Cost Advice →

    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    771,212 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The most valuable features of CAST Highlight are automation and speed.
    Top Answer:CAST Highlight is an expensive solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight or nine out of ten.
    Top Answer:The ease of configuration and customization could be improved in CAST Highlight.
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Average Words per Review
    Average Words per Review
    SonarQube logo
    Compared 74% of the time.
    Snyk logo
    Compared 5% of the time.
    Veracode logo
    Compared 5% of the time.
    Black Duck logo
    Compared 5% of the time.
    GitLab logo
    Compared 3% of the time.
    SonarQube logo
    Compared 52% of the time.
    Veracode logo
    Compared 13% of the time.
    Fortify on Demand logo
    Compared 6% of the time.
    Snyk logo
    Compared 4% of the time.
    Coverity logo
    Compared 3% of the time.
    Learn More

    CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It automatically analyzes source code of hundreds of applications in a week for Cloud Readiness, Software Composition Analysis (Open Source risks), Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.

    CAST is the software intelligence category leader. CAST technology can see inside custom applications with MRI-like precision, automatically generating intelligence about their inner workings - composition, architecture, transaction flows, cloud readiness, structural flaws, legal and security risks. It’s becoming essential for faster modernization for cloud, raising the speed and efficiency of Software Engineering, better open source risk control, and accurate technical due diligence. CAST operates globally with offices in North America, Europe, India, China. Visit

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    Sample Customers
    Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Top Industries
    Financial Services Firm19%
    Computer Software Company17%
    Insurance Company10%
    Manufacturing Company9%
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    Company Size
    Small Business12%
    Midsize Enterprise14%
    Large Enterprise74%
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    Buyer's Guide
    CAST Highlight vs. Checkmarx One
    September 2022
    Find out what your peers are saying about CAST Highlight vs. Checkmarx One and other solutions. Updated: September 2022.
    771,212 professionals have used our research since 2012.

    CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. CAST Highlight is rated 7.8, while Checkmarx One is rated 7.6. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and GitLab, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity. See our CAST Highlight vs. Checkmarx One report.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.