Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Legit Security comparison

Checkmarx and Legit Security are both solutions in the Application Security Posture Management (ASPM) category. Checkmarx is ranked #3 with an average rating of 8.3, while Legit Security is ranked #5 with an average rating of 10.0. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 100% of Legit Security users who would recommend it.
Sponsored
Cortex Cloud by Palo Alto N...
Read 1 Cortex Cloud by Palo Alto Networks review
  • 799 Views
  • 48 Comparison Views
100% willing to recommend
Checkmarx One
Read 71 Checkmarx One reviews
  • 18,550 Views
  • 2,783 Comparison Views
87% willing to recommend
Legit Security
Read 4 Legit Security reviews
  • 827 Views
  • 546 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and Legit Security based on real PeerSpot user reviews.

Find out in this report how the two Application Security Posture Management (ASPM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx One vs. Legit Security Report (Updated: September 2025).
Buyer's Guide
Checkmarx One vs. Legit Security
September 2025
Download the complete report
Helped 869,202 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Cloud by Palo Alto N...
Sponsored
Ranking in Application Security Posture Management (ASPM)
9th
Average Rating
10.0
Reviews Sentiment
8.7
Number of Reviews
1
Ranking in other categories
Vulnerability Management (34th), Cloud Workload Protection Platforms (CWPP) (19th), Cloud Security Posture Management (CSPM) (22nd), Cloud-Native Application Protection Platforms (CNAPP) (16th), Data Security Posture Management (DSPM) (13th), Software Supply Chain Security (14th), Cloud Infrastructure Entitlement Management (CIEM) (7th), Cloud Detection and Response (CDR) (8th)
Checkmarx One
Ranking in Application Security Posture Management (ASPM)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (23rd), Container Security (23rd), Static Code Analysis (3rd), API Security (6th), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (10th)
Legit Security
Ranking in Application Security Posture Management (ASPM)
5th
Average Rating
10.0
Reviews Sentiment
7.8
Number of Reviews
4
Ranking in other categories
Software Supply Chain Security (7th)
 

Featured Reviews

PG
Identifies vulnerabilities and enables proactive remediation through AI/ML capabilities
The solution helps me to understand misconfigurations in AWS or Azure cloud environments. It detects misconfigurations, suggests remedial actions, and helps identify vulnerabilities across cloud platforms. It provides action recommendations for CVEs against particular vulnerabilities The tool…
Read full review
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Read full review
Tim Crothers - PeerSpot reviewer
Provides strong visibility, straightforward integration, and reduces the risk of attacks
Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The solution allows us to create custom rules for code checks."
"One of the most valuable features is it is flexible."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
More Checkmarx One pros
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."
"Legit has had a positive effect on our overall security posture."
"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
 

Cons

"Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed."
"Updating and debugging of queries is not very convenient."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"The cost per user is high and should be reduced."
"Meta data is always needed."
"Checkmarx could be improved with more integration with third-party software."
"Some were valid and some were not applicable for us based on the scenario."
"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."
More Checkmarx One cons
"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."
"I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
 

Pricing and Cost Advice

Information not available
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"It is a good product but a little overpriced."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The tool's pricing is fine."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"It is the right price for quality delivery."
More Checkmarx One pricing and cost advice
"The pricing is reasonable."
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
See recommendations
869,202 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Performing Arts
14%
Computer Software Company
11%
Manufacturing Company
8%
Financial Services Firm
7%
Financial Services Firm
19%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Computer Software Company
18%
University
12%
Financial Services Firm
12%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise9
Large Enterprise38
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Cloud by Palo Alto Networks?
The solution is costly, with high-end capabilities suitable for enterprises. It is less affordable for startups or sm...
See all answers
What needs improvement with Cortex Cloud by Palo Alto Networks?
Some aspects of the GUI can be confusing and make it difficult for me to find certain options or navigate where needed.
See all answers
What is your primary use case for Cortex Cloud by Palo Alto Networks?
The solution helps me to understand misconfigurations in AWS or Azure cloud environments. It detects misconfiguration...
See all answers
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
See all answers
What do you like most about Legit Security?
The true value proposition of Legit lies not in its features but in its ability to support our product security progr...
See all answers
What is your experience regarding pricing and costs for Legit Security?
The pricing is reasonable.
See all answers
What needs improvement with Legit Security?
Legit Security's secret detection works. However, there are some limitations to its effectiveness. One issue is that ...
See all answers
 

Comparisons

Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks Logo
Prisma Cloud by Palo Alto Networks vs Cortex Cloud by Palo Alto Networks
Compared 28% of the time
Wiz vs Cortex Cloud by Palo Alto Networks Logo
Wiz vs Cortex Cloud by Palo Alto Networks
Compared 26% of the time
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks Logo
Microsoft Defender for Cloud vs Cortex Cloud by Palo Alto Networks
Compared 14% of the time
Red Hat Advanced Cluster Security for Kubernetes vs Cortex Cloud by Palo Alto Networks Logo
Red Hat Advanced Cluster Security for Kubernetes vs Cortex Cloud by Palo Alto Networks
Compared 9% of the time
AWS GuardDuty vs Cortex Cloud by Palo Alto Networks Logo
AWS GuardDuty vs Cortex Cloud by Palo Alto Networks
Compared 9% of the time
More Cortex Cloud by Palo Alto Networks Competitors
SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Compared 44% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 7% of the time
Checkmarx SAST vs Checkmarx One Logo
Checkmarx SAST vs Checkmarx One
Compared 7% of the time
OpenText Core Application Security vs Checkmarx One Logo
OpenText Core Application Security vs Checkmarx One
Compared 4% of the time
GitHub Advanced Security vs Checkmarx One Logo
GitHub Advanced Security vs Checkmarx One
Compared 4% of the time
More Checkmarx One Competitors
Ox Security vs Legit Security Logo
Ox Security vs Legit Security
Compared 20% of the time
Cycode vs Legit Security Logo
Cycode vs Legit Security
Compared 18% of the time
Apiiro vs Legit Security Logo
Apiiro vs Legit Security
Compared 17% of the time
Docker vs Legit Security Logo
Docker vs Legit Security
Compared 17% of the time
ArmorCode vs Legit Security Logo
ArmorCode vs Legit Security
Compared 10% of the time
More Legit Security Competitors
 

Product Reports

Buyer's Guide
Cloud Detection and Response (CDR)
September 2025
Cortex Cloud by Palo Alto Networks reportDownload Cortex Cloud by Palo Alto Networks product report
Buyer's Guide
Checkmarx One
October 2025
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Legit Security
September 2025
Legit Security reportDownload Legit Security product report
 

Overview

Cortex Cloud by Palo Alto Networks provides comprehensive cybersecurity management, focusing on enhancing security operations with advanced automation and threat intelligence, addressing complex security challenges efficiently.

Cortex Cloud by Palo Alto Networks integrates cloud-scale data analytics and automation to streamline security operations, enabling faster threat detection and response. It leverages AI and machine learning to provide real-time threat intelligence and automate routine tasks, reducing the burden on security teams. Users benefit from improved visibility across networks and greater operational efficiency, making it crucial for enterprises aiming to secure their digital assets against evolving cyber threats.

What are the key features of Cortex Cloud by Palo Alto Networks?

  • Automated Threat Detection: Identifies and mitigates threats in real-time using AI algorithms.
  • Advanced Analytics: Provides in-depth data insights for proactive threat prevention.
  • Incident Management: Streamlines incident response with automated workflows.
  • Scalable Architecture: Offers flexibility to grow with organizational needs.

What benefits or ROI should you expect from Cortex Cloud by Palo Alto Networks reviews?

  • Increased Efficiency: Automation reduces manual efforts in threat management.
  • Enhanced Security Posture: Improved visibility leads to better threat preparedness.
  • Cost Savings: Minimizes expenses related to manual threat detection and response.
  • Scalability: Grows with the organization, reducing the need for constant upgrades.

Cortex Cloud by Palo Alto Networks is favored in sectors like finance, healthcare, and telecommunications, where data security is paramount. Its ability to integrate with existing infrastructure and provide real-time insights makes it a preferred choice for securing sensitive information and ensuring compliance within industry regulations.

Palo Alto Networks

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Legit Security provides application security posture management platform that secures application delivery from code to cloud and protects an organization's software supply chain from attack. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Legit Security
 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...
Buyer's Guide
Checkmarx One vs. Legit Security
September 2025
Free Report: Checkmarx One vs. Legit Security
Find out what your peers are saying about Checkmarx One vs. Legit Security and other solutions. Updated: September 2025.
DOWNLOAD NOW
869,202 professionals have used our research since 2012.
See our Checkmarx One vs. Legit Security report.
See our list of best Application Security Posture Management (ASPM) vendors.

We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.