Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Invicti comparison

Checkmarx and Invicti are both solutions in the Dynamic Application Security Testing (DAST) category. Checkmarx holds a 13.2% mindshare in DAST, compared to Invicti’s 12.3% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 96% of Invicti users who would recommend it.
Checkmarx One
Read 71 Checkmarx One reviews
    87% willing to recommend
    Invicti
    Read 30 Invicti reviews
    • 2,995 Views
    • 449 Comparison Views
    96% willing to recommend
     

    Comparison Buyer's Guide

    Download the report
    Executive SummaryUpdated on Oct 8, 2024

    Invicti and Checkmarx One are both key players in the security testing tools category, serving different user preferences. Invicti appears to have the upper hand in terms of pricing and customer service, whereas Checkmarx One is favored for its comprehensive features.

    Features: Invicti offers ease of integration, accurate vulnerability scans, and streamlined security assessments. Checkmarx One stands out with static and dynamic application security testing and broader security coverage.

    Room for Improvement: Invicti could improve its reporting outputs, scalability, and handling of larger projects. Checkmarx One needs more intuitive navigation, faster analysis times, and could simplify deployment.

    Ease of Deployment and Customer Service: Invicti is known for its straightforward deployment and responsive customer service. Checkmarx One, while more complex to deploy, provides comprehensive support, though response times vary.

    Pricing and ROI: Invicti's pricing is considered reasonable, offering a positive ROI. Checkmarx One, although more expensive, delivers substantial returns, justifying its cost with advanced features.

    DOWNLOAD THE COMPLETE REPORT
    To learn more, read our detailed Checkmarx One vs. Invicti Report (Updated: July 2025).
    Buyer's Guide
    Checkmarx One vs. Invicti
    July 2025
    Download the complete report
    Helped 864,155 peers since 2012

    Review summaries and opinions

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Categories and Ranking

    Checkmarx One
    Ranking in Static Application Security Testing (SAST)
    4th
    Ranking in API Security
    5th
    Average Rating
    7.6
    Reviews Sentiment
    6.9
    Number of Reviews
    71
    Ranking in other categories
    Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
    Invicti
    Ranking in Static Application Security Testing (SAST)
    14th
    Ranking in API Security
    6th
    Average Rating
    8.2
    Reviews Sentiment
    6.7
    Number of Reviews
    30
    Ranking in other categories
    Dynamic Application Security Testing (DAST) (4th)
     

    Mindshare comparison

    As of August 2025, in the Dynamic Application Security Testing (DAST) category, the mindshare of Checkmarx One is 13.2%, down from 18.5% compared to the previous year. The mindshare of Invicti is 12.3%, up from 11.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
    Dynamic Application Security Testing (DAST)
     

    Featured Reviews

    Syed Hasan - PeerSpot reviewer
    Partner experiences excellent technical support and seamless initial setup
    In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
    Read full review
    Kunal M - PeerSpot reviewer
    Proactive scanning measures and realistic audit recommendations enhance development focus
    Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.
    Read full review

    Quotes from Members

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Pros

    "The UI is very intuitive and simple to use."
    "The user interface is excellent. It's very user friendly."
    "The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
    "Less false positive errors as compared to any other solution."
    "Both automatic and manual code review (CxQL) are valuable."
    "It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
    "The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
    "The most valuable features are the easy to understand interface, and it 's very user-friendly."
    More Checkmarx One pros
    "Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
    "Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios."
    "I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
    "High level of accuracy and quick scanning."
    "Its ability to crawl a web application is quite different than another similar scanner."
    "Invicti is a good product, and its API testing is also good."
    "The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
    "When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
    More Invicti pros
     

    Cons

    "The plugins for the development environment have room for improvements such as for Android Studio and X code."
    "Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
    "We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
    "Checkmarx could improve by reducing the price."
    "Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
    "Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
    "It would be really helpful if the level of confidence was included, with respect to identified issues."
    "The solution's user interface could be improved because it seems outdated."
    More Checkmarx One cons
    "Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
    "The solution's false positive analysis and vulnerability analysis libraries could be improved."
    "Invicti takes too long with big applications, and there are issues with the login portal."
    "The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
    "Currently, there is nothing I would like to improve."
    "It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
    "The scanner itself should be improved because it is a little bit slow."
    "The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
    More Invicti cons
     

    Pricing and Cost Advice

    "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
    "We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
    "I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
    "The interface used to create custom rules comes at an additional cost."
    "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
    "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
    "This solution is expensive. The customized package allows you to buy additional users at any time."
    "The tool's pricing is fine."
    More Checkmarx One pricing and cost advice
    "We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
    "The price should be 20% lower"
    "It is competitive in the security market."
    "I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
    "Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
    "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
    "The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
    "OWASP Zap is free and it has live updates, so that's a big plus."
    More Invicti pricing and cost advice
    report
    See which vendors are best for you
    Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
    See recommendations
    864,155 professionals have used our research since 2012.
     

    Top Industries

    By visitors reading reviews
    Financial Services Firm
    20%
    Computer Software Company
    14%
    Manufacturing Company
    10%
    Government
    6%
    Financial Services Firm
    18%
    Computer Software Company
    14%
    Manufacturing Company
    10%
    Government
    9%
     

    Company Size

    By reviewers
    Large Enterprise
    Midsize Enterprise
    Small Business
     

    Questions from the Community

    What alternatives are there for Fortify WebInspect and Fortify SCA?
    I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    See all answers
    What do you like most about Checkmarx?
    Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    See all answers
    What is your experience regarding pricing and costs for Checkmarx?
    The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
    See all answers
    What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
    As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
    See all answers
    What do you like most about Invicti?
    The most valuable feature of Invicti is getting baseline scanning and incremental scan.
    See all answers
    What needs improvement with Invicti?
    Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
    See all answers
     

    Comparisons

    SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
    SonarQube Server (formerly SonarQube) vs Checkmarx One
    Compared 39% of the time
    Veracode vs Checkmarx One Logo
    Veracode vs Checkmarx One
    Compared 10% of the time
    Checkmarx SAST vs Checkmarx One Logo
    Checkmarx SAST vs Checkmarx One
    Compared 7% of the time
    OpenText Core Application Security vs Checkmarx One Logo
    OpenText Core Application Security vs Checkmarx One
    Compared 5% of the time
    OWASP Zap vs Checkmarx One Logo
    OWASP Zap vs Checkmarx One
    Compared 5% of the time
    More Checkmarx One Competitors
    Acunetix vs Invicti Logo
    Acunetix vs Invicti
    Compared 19% of the time
    OWASP Zap vs Invicti Logo
    OWASP Zap vs Invicti
    Compared 10% of the time
    Veracode vs Invicti Logo
    Veracode vs Invicti
    Compared 7% of the time
    SonarQube Server (formerly SonarQube) vs Invicti Logo
    SonarQube Server (formerly SonarQube) vs Invicti
    Compared 7% of the time
    Rapid7 AppSpider vs Invicti Logo
    Rapid7 AppSpider vs Invicti
    Compared 3% of the time
    More Invicti Competitors
     

    Product Reports

    Buyer's Guide
    Checkmarx One
    July 2025
    Checkmarx One reportDownload Checkmarx One product report
    Buyer's Guide
    Invicti
    July 2025
    Invicti reportDownload Invicti product report
     

    Also Known As

    No data available
    Netsparker
     

    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    Checkmarx

    Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

    Invicti
     

    Sample Customers

    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Samsung, The Walt Disney Company, T-Systems, ING Bank
    Buyer's Guide
    Checkmarx One vs. Invicti
    July 2025
    Free Report: Checkmarx One vs. Invicti
    Find out what your peers are saying about Checkmarx One vs. Invicti and other solutions. Updated: July 2025.
    DOWNLOAD NOW
    864,155 professionals have used our research since 2012.
    See our Checkmarx One vs. Invicti report.
    See our list of best Dynamic Application Security Testing (DAST) vendors, best Static Application Security Testing (SAST) vendors, and best API Security vendors.

    We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.