We performed a comparison between Checkmarx One and JFrog Xray based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has all the features we need."
"From my point of view, it is the best product on the market."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The most valuable feature for me is the Jenkins Plugin."
"The value you can get out of the speedy production may be worth the price tag."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"Good reporting functionalities."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The solution is stable and reliable."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"If it is a very large code base then we have a problem where we cannot scan it."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"I would like to see the rate of false positives reduced."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"JFrog Xray's documentation and error logging could be improved."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray does not have a dashboard."
"Lacks deeper reporting, the ability to compare things."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"The speed of JFrog Xray should improve. Other solutions have better performance."
Checkmarx One is ranked 11th in Vulnerability Management with 67 reviews while JFrog Xray is ranked 17th in Vulnerability Management with 7 reviews. Checkmarx One is rated 7.6, while JFrog Xray is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and Trivy. See our Checkmarx One vs. JFrog Xray report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.