Checkmarx One vs Fortra Tripwire IP360 vs HCL AppScan Comparison 2024

Checkmarx One

Read 67 Checkmarx One reviews

34,421 views|22,385 comparisons

Fortra Tripwire IP360

Read 6 Fortra Tripwire IP360 reviews

433 views|322 comparisons

HCL AppScan

Read 40 HCL AppScan reviews

5,423 views|4,191 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Application Security Tools

May 2024

Executive Summary

We performed a comparison between Checkmarx One, Fortra Tripwire IP360, and HCL AppScan based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: May 2024).

Download the complete report

771,157 professionals have used our research since 2012.

Featured Review

Milind Dharmadhikari

Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited

Researched HCL AppScan but chose Checkmarx One: Enables us to find vulnerabilities in our software before the development cycle is complete

The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete. As an example, an... Read more →

Corey Cole

Service Coordinator - Technology Security at a government

The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain

Anonymous User

Owner/ Consultant at a tech services company

Researched Checkmarx One but chose HCL AppScan: Offers many support languages, scans in a decent amount of time and is easy to set up

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The most valuable feature for me is the Jenkins Plugin.""The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.""From my point of view, it is the best product on the market.""It shows in-depth code of where actual vulnerabilities are.""It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).""The UI is very intuitive and simple to use.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."

More Checkmarx One Pros →

"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed.""Tripwire IP360 is a very stable solution.""We could manage our entire IP range with the solution."

More Fortra Tripwire IP360 Pros →

"It identifies all the URLs and domains on its own and then performs tests and provides the results.""Compared to other tools only AppScan supports special language.""The most valuable feature of the solution is Postman.""AppScan is stable.""The solution offers services in a few specific development languages.""You can easily find particular features and functions through the UI.""Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.""It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."

More HCL AppScan Pros →

Cons

"The validation process needs to be sped up.""We have received some feedback from our customers who are receiving a large number of false positives.""The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode.""I would like to see the tool’s pricing improved.""Checkmarx has a slightly difficult compilation with the CI/CD pipeline.""The pricing can get a bit expensive, depending on the company's size.""This product requires you to create your own rulesets. You have to do a lot of customization.""Checkmarx could be improved with more integration with third-party software."

More Checkmarx One Cons →

"We need to dedicate time and resources to keep it running.""I am not very impressed by the technical support.""The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."

More Fortra Tripwire IP360 Cons →

"They have to improve support.""If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly.""We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated.""The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.""The product has some technical limitations.""There is room for improvement in the pricing model.""The pricing has room for improvement.""The databases for HCL are small and have room for improvement."

More HCL AppScan Cons →

Pricing and Cost Advice

"It is the right price for quality delivery."

"I believe pricing is better compared to other commercial tools."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"It is a good product but a little overpriced."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

More Checkmarx One Pricing and Cost Advice →

"I believe the price compares well within the market."

"The product was expensive for us."

More Fortra Tripwire IP360 Pricing and Cost Advice →

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."

"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."

"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."

"HCL AppScan is expensive."

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."

"The price is very expensive."

"The solution is moderately priced."

"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

More HCL AppScan Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See Recommendations

771,157 professionals have used our research since 2012.

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as… more »

Read all 4 answers →

What do you like most about Checkmarx?

Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

Read all 38 answers →

What is your experience regarding pricing and costs for Checkmarx?

Top Answer:The solution's price is high and you pay based on the number of users.

Read all 25 answers →

What do you like most about Tripwire IP360?

Top Answer:We could manage our entire IP range with the solution.

Read all 3 answers →

What is your experience regarding pricing and costs for Tripwire IP360?

Top Answer:The product was expensive for us. It was not cost-effective for how we used it to do the job. We didn't think it was… more »

Read all 3 answers →

What needs improvement with Tripwire IP360?

Top Answer:It's an enterprise-level tool. If we’re not putting it in everything, it's very expensive to maintain in terms of people… more »

Read all 4 answers →

What do you like most about HCL AppScan?

Top Answer:The product has valuable features for static and dynamic testing.

Read all 17 answers →

What needs improvement with HCL AppScan?

Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not… more »

Read all 20 answers →

What is your primary use case for HCL AppScan?

Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by… more »

Read all 18 answers →

Ranking

3rd

out of 74 in Application Security Tools

Views

34,421

Comparisons

22,385

Reviews

Average Words per Review

508

Rating

7.7

39th

out of 111 in Vulnerability Management

Views

433

Comparisons

322

Reviews

Average Words per Review

592

Rating

6.0

15th

out of 74 in Application Security Tools

Views

5,423

Comparisons

4,191

Reviews

Average Words per Review

360

Rating

7.2

Comparisons

SonarQube vs. Checkmarx One

Compared 52% of the time.

Veracode vs. Checkmarx One

Compared 13% of the time.

Fortify on Demand vs. Checkmarx One

Compared 6% of the time.

Snyk vs. Checkmarx One

Compared 4% of the time.

Acunetix vs. Checkmarx One

Compared 1% of the time.

More Checkmarx One Competitors →

Tenable Nessus vs. Fortra Tripwire IP360

Compared 100% of the time.

More Fortra Tripwire IP360 Competitors →

SonarQube vs. HCL AppScan

Compared 15% of the time.

Veracode vs. HCL AppScan

Compared 12% of the time.

Acunetix vs. HCL AppScan

Compared 10% of the time.

OWASP Zap vs. HCL AppScan

Compared 8% of the time.

Fortify on Demand vs. HCL AppScan

Compared 7% of the time.

More HCL AppScan Competitors →

Also Known As

IP360

IBM Security AppScan, Rational AppScan, AppScan

Learn More

Checkmarx

Fortra

HCLTech

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Tripwire IP360 is a powerful vulnerability management solution that identifies and prioritizes network vulnerabilities for remediation. It is highly effective in scanning devices and applications, improving security posture, ensuring compliance, and managing risks.

Users value its detailed reporting, user-friendly interface, and seamless integration with other security tools for efficient security management.

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

Top Industries

REVIEWERS

Computer Software Company31%

Financial Services Firm19%

Comms Service Provider9%

Manufacturing Company9%

VISITORS READING REVIEWS

Financial Services Firm21%

Computer Software Company15%

Manufacturing Company9%

Insurance Company5%

VISITORS READING REVIEWS

Computer Software Company19%

Financial Services Firm18%

Government9%

Energy/Utilities Company9%

REVIEWERS

Government15%

Transportation Company15%

Manufacturing Company10%

Insurance Company10%

VISITORS READING REVIEWS

Computer Software Company19%

Financial Services Firm14%

Government9%

Manufacturing Company9%

Company Size

REVIEWERS

Small Business38%

Midsize Enterprise13%

Large Enterprise50%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise12%

Large Enterprise72%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise11%

Large Enterprise73%

REVIEWERS

Small Business24%

Midsize Enterprise13%

Large Enterprise63%

VISITORS READING REVIEWS

Small Business16%

Midsize Enterprise12%

Large Enterprise72%

Buyer's Guide

Application Security Tools

May 2024

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: May 2024.

DOWNLOAD NOW

771,157 professionals have used our research since 2012.

Checkmarx One vs Fortra Tripwire IP360 vs HCL AppScan comparison