

HCL AppScan and Checkmarx One compete in the security vulnerability scanning category. Checkmarx One appears to have an advantage due to its flexibility and strong language support.
Features: HCL AppScan can detect a wide range of vulnerabilities with a low false positive rate. It offers easy integration during the development phase and supports a variety of compliance requirements. Checkmarx One supports numerous programming languages, offers efficient integration with development environments, and can scan without pre-compilation, enhancing the development pipeline.
Room for Improvement: HCL AppScan could improve by supporting more languages, better integrating with other systems, and handling false positives more effectively. Checkmarx One could focus on reducing false positives, enhancing dynamic testing, and improving integration with CI/CD pipelines. Both products would benefit from advanced AI capabilities for better reporting and more accurate detection.
Ease of Deployment and Customer Service: Both HCL AppScan and Checkmarx One offer on-premises and cloud deployment options. AppScan's customer support quality has decreased post-IBM, with slower response times. Checkmarx One, however, provides responsive and knowledgeable technical support, particularly appreciated by users during transitions and operations.
Pricing and ROI: HCL AppScan is seen as expensive but offers potential ROI through vulnerability reduction. Checkmarx One, while also high in price, provides value with a lower total cost of ownership and greater flexibility. Checkmarx's complex pricing could be a challenge for smaller organizations.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
| Product | Market Share (%) |
|---|---|
| Checkmarx One | 10.4% |
| HCL AppScan | 2.5% |
| Other | 87.1% |


| Company Size | Count |
|---|---|
| Small Business | 30 |
| Midsize Enterprise | 9 |
| Large Enterprise | 38 |

| Company Size | Count |
|---|---|
| Small Business | 13 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.