Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Fortify WebInspect comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Ranking in DevSecOps
2nd
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), Risk-Based Vulnerability Management (5th)
Fortify WebInspect
Ranking in DevSecOps
9th
Average Rating
7.0
Number of Reviews
19
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Navin N - PeerSpot reviewer
Sep 16, 2024
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The UI is user-friendly."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable feature for me is the Jenkins Plugin."
"The solution's technical support was very helpful."
"Good at scanning and finding vulnerabilities."
"The most valuable feature of this solution is the ability to make our customers more secure."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"It's a well-known platform for doing dynamic application scanning."
"The most valuable feature is the static analysis."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
 

Cons

"Meta data is always needed."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"I would like to see the rate of false positives reduced."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"I would like to see the DAST solution in the future."
"We have had a problem with authentification."
"The scanner could be better."
"The initial setup was complex."
"Not sufficiently compatible with some of our systems."
"We have often encountered scanning errors."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
 

Pricing and Cost Advice

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"We have purchased an annual license to use this solution. The price is reasonable."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"The pricing is not clear and while it is not high, it is difficult to understand."
"It’s a fair price for the solution."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"This solution is very expensive."
"Fortify WebInspect is a very expensive product."
"The price is okay."
report
Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.
812,628 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
17%
Computer Software Company
17%
Government
14%
Manufacturing Company
12%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Pricing depends on the deal and can vary. Smaller clients might find it challenging to afford Fortify WebInspect, while it is more suitable for medium to large enterprises. The OEMs tend to price s...
What needs improvement with Fortify WebInspect?
There are some file extensions, like .SER, that Fortify WebInspect doesn't scan. For these, we have to depend on other tools like GitHub scanners.
 

Also Known As

No data available
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Aaron's
Find out what your peers are saying about Checkmarx One vs. Fortify WebInspect and other solutions. Updated: September 2024.
812,628 professionals have used our research since 2012.