Checkmarx One vs Fortify Software Security Center comparison

Checkmarx One vs. Fortify Software Security Center

Download the complete report

Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Ranking in Static Application Security Testing (SAST)

3rd

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (4th), Risk-Based Vulnerability Management (9th)

Fortify Software Security C...

Ranking in Static Application Security Testing (SAST)

30th

Average Rating

7.8

Reviews Sentiment

8.3

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of June 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.5%, down from 12.8% compared to the previous year. The mindshare of Fortify Software Security Center is 0.4%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Jonathan Steyn

Principal Technical Consultant at EOH

Comprehensive vulnerability analysis and customization features with decent pricing

Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its feature of macro recording allows for testing vulnerabilities during multi-factor authentication sessions very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The UI is very intuitive and simple to use."

"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."

"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."

"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."

"The user interface is modern and nice to use."

"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."

"The solution is scalable, but other solutions are better."

"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."

More Checkmarx One pros

"The reporting is very useful because you can always view an entire list of the issues that you have."

"This is a stable solution at the end of the day."

"Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances."

"The overall rating for this tool is ten out of ten."

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."

"You can easily download the tool's rule packs and update them."

"I like the explanation of issues provided by Fortify Software Security Center."

Cons

"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"

"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."

"You can't use it in the continuous delivery pipeline because the scanning takes too much time."

"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."

"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."

"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."

"Updating and debugging of queries is not very convenient."

"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."

More Checkmarx One cons

"I am not satisfied with the percentage of false positives, which is around eighteen percent."

"Fortify Software Security Center's setup is really painful."

"This solution is difficult to implement, and it should be made more comfortable for the end-users."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."

"We are having issues with false positives that need to be resolved."

"Improvements needed for Software Security Center include better aggregation views of datasets."

Pricing and Cost Advice

"It is a good product but a little overpriced."

"This solution is expensive. The customized package allows you to buy additional users at any time."

"We have purchased an annual license to use this solution. The price is reasonable."

"It's relatively expensive."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"For around 250 users or committers, the cost is approximately $500,000."

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."

"I believe pricing is better compared to other commercial tools."

More Checkmarx One pricing and cost advice

"This is a costly solution that could be cheaper."

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."

"The solution is priced fair."

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

856,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Manufacturing Company

20%

Financial Services Firm

16%

Computer Software Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

What do you like most about Micro Focus Software Security Center?

You can easily download the tool's rule packs and update them.

What is your experience regarding pricing and costs for Micro Focus Software Security Center?

In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded to the license and criteria. Now, we have negotiated a number of details to respe...

What needs improvement with Micro Focus Software Security Center?

I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is due to using an older version. I hope the new version will resolve my problem.

SonarQube Server (formerly SonarQube) vs Checkmarx One

Comparisons

Compared 36% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Checkmarx SAST vs Checkmarx One

Compared 6% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Fortify on Demand vs Fortify Software Security Center

Compared 47% of the time

Acunetix vs Fortify Software Security Center

Compared 42% of the time

HCL AppScan vs Fortify Software Security Center

Compared 11% of the time

More Fortify Software Security Center Competitors

Product Reports

Checkmarx One

Download Checkmarx One product report

Static Application Security Testing (SAST)

Download Fortify Software Security Center product report

Also Known As

No data available

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.

OpenText

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

Checkmarx One vs. Fortify Software Security Center