We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The solution allows us to create custom rules for code checks."
"The report function is the solution's greatest asset."
"Vulnerability details are valuable."
"The solution offers services in a few specific development languages."
"It provides a better integration for our ecosystem."
"The most valuable feature of the solution is the scanning or security part."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"Technical support is helpful."
"We are now deploying fewer defects to production."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Implementing a blackout time for any user or teams: Needs improvement."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The plugins for the development environment have room for improvements such as for Android Studio and Xcode."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Metadata is always needed."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"Sometimes it doesn't work so well."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The solution could improve by having a mobile version."
"There are so many lines of code with so many different categories that I am likely to get lost."
"A desktop version should be added."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Acunetix, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.