Checkmarx One and OpenText Static Application Security Testing are two prominent solutions in the realm of application security. Checkmarx One seems to have the edge due to its favorable pricing and support, though OpenText Static Application Security Testing is noted for its superior features.
Features: Checkmarx One is appreciated for its comprehensive language support, ease of code scanning without compilation, and accuracy in diagnostics. It offers intuitive navigation and integrates well into CI/CD pipelines. Users also note its effective vulnerability pinpointing. OpenText Static Application Security Testing stands out with its effective integration capabilities, broad application support, and robust security testing features, excelling in identifying vulnerabilities across varied environments.
Room for Improvement: Checkmarx One could improve its scanning process with a focus on reducing false positives and enhancing REST API automation. Users also suggest better documentation and simplified integration. OpenText users recommend improvements in false positive reduction, broader language support, and enhanced dynamic testing features. Usability is a challenge for both, with Checkmarx One users seeking more streamlined scanning and reporting.
Ease of Deployment and Customer Service: Checkmarx One offers deployment flexibility across on-premises and cloud environments. User feedback on customer support is mixed, with some reporting quick, helpful responses. OpenText Static Application Security Testing supports hybrid environments, though user experiences with customer service vary, highlighting slow responses and shallow support depth.
Pricing and ROI: Checkmarx One is perceived as expensive, yet users see value in its security enhancements and ease of deployment. There are calls for more pricing flexibility and licensing clarity. OpenText Static Application Security Testing is also viewed as costly, ideal for large enterprises. Users appreciate the long-term return on investment through enhanced security measures and faster application deployment.
The technical support has been good because we always received answers to our questions.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
Fortify Static Code Analyzer integrates well and is scalable.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
I would rate the product stability as an eight.
The stability of Fortify Static Code Analyzer is generally good.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
We would appreciate if the AI could give us more information about improvements and reduce the number of false positives, but this solution doesn't have this function yet.
While it includes all the OWASP top factors, AI has come into the picture, so those updates should also be considered.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
Product | Market Share (%) |
---|---|
OpenText Static Application Security Testing | 9.8% |
Checkmarx One | 13.9% |
Other | 76.3% |

Company Size | Count |
---|---|
Small Business | 30 |
Midsize Enterprise | 9 |
Large Enterprise | 38 |

Company Size | Count |
---|---|
Small Business | 4 |
Midsize Enterprise | 3 |
Large Enterprise | 11 |
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?
Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. Combined with Sonatype Nexus, it achieves secure code and library management effectively.