We performed a comparison between Checkmarx One and Imperva Bot Management based on real PeerSpot user reviews.
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Both automatic and manual code review (CxQL) are valuable."
"Apart from software scanning, software composition scanning is valuable."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"Fewer false positive errors as compared to any other solution."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The most valuable feature is the application tracking reporting."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"I am impressed with the product's automatic bot mechanism. It also gives us the control to create our own custom bot rules."
"The stability of the product is good since I haven't had any problems with the solution."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Updating and debugging of queries is not very convenient."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The tool needs to include artificial intelligence and machine learning. It also needs to improve profiling."
"Sometimes, it takes a bit of time for the technical staff of the solution to get back to our company with a resolution for our problems."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Imperva Bot Management is ranked 4th in Bot Management with 2 reviews. Checkmarx One is rated 7.6, while Imperva Bot Management is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Imperva Bot Management writes "A product that offers advanced bot detection capabilities and reporting features". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Imperva Bot Management is most compared with Cloudflare, AWS WAF, Cequence Security, DataDome Real-Time Bot Protection and Akamai Bot Manager.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.