We performed a comparison between Checkmarx One, Fortra Tripwire IP360, and HCL AppScan based on real PeerSpot user reviews.
"The most valuable feature for me is the Jenkins Plugin."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"From my point of view, it is the best product on the market."
"It shows in-depth code of where actual vulnerabilities are."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repo formats (Git, TFS, SVN, Perforce, etc.)."
"The UI is very intuitive and simple to use."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"Tripwire IP360 is a very stable solution."
"We could manage our entire IP range with the solution."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"Compared to other tools only AppScan supports special language."
"The most valuable feature of the solution is Postman."
"AppScan is stable."
"The solution offers services in a few specific development languages."
"You can easily find particular features and functions through the UI."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The validation process needs to be sped up."
"We have received some feedback from our customers who are receiving a large number of false positives."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"I would like to see the tool’s pricing improved."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The pricing can get a bit expensive, depending on the company's size."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Checkmarx could be improved with more integration with third-party software."
"We need to dedicate time and resources to keep it running."
"I am not very impressed by the technical support."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"They have to improve support."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The product has some technical limitations."
"There is room for improvement in the pricing model."
"The pricing has room for improvement."
"The databases for HCL are small and have room for improvement."