We performed a comparison between Checkmarx One and IBM Guardium Vulnerability Assessment based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"Both automatic and manual code review (CxQL) are valuable."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The most valuable feature for me is the Jenkins Plugin."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The UI is very intuitive and simple to use."
"The most valuable feature is that it provides a simple English recommendation on actions that you need to take once a vulnerability is discovered."
"It helped with some of the regulatory requirements. It also helped with some of the security analytics and analysis. It was worthwhile from that perspective."
"The reporting features are good and there are many built-in reports that can be quickly configured."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"I would like to see the DAST solution in the future."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx is not good because it has too many false positive issues."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx could be improved with more integration with third-party software."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"It was not as easy to use. The user-friendliness of it was somewhat lower than what I was expecting. It was also lacking in terms of the ease of the setup. There should be an automatic agent for deployment."
"Building policies is not that easy. There are some things that are turned off by default, for example, displaying values."
"The interface could be improved by having sub-groups of tests, ultimately making the process of collecting tests faster."
More IBM Guardium Vulnerability Assessment Pricing and Cost Advice →
Checkmarx One is ranked 11th in Vulnerability Management with 67 reviews while IBM Guardium Vulnerability Assessment is ranked 40th in Vulnerability Management with 3 reviews. Checkmarx One is rated 7.6, while IBM Guardium Vulnerability Assessment is rated 6.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of IBM Guardium Vulnerability Assessment writes "Worthwhile from the regulatory requirements and analytics perspective, but is expensive and not easy to use". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas IBM Guardium Vulnerability Assessment is most compared with Tenable Nessus, Qualys VMDR, Acunetix, Rapid7 InsightVM and Orca Security. See our Checkmarx One vs. IBM Guardium Vulnerability Assessment report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
