Checkmarx One and OpenText Static Application Security Testing both compete in the static application security testing category. Checkmarx One seems to have the upper hand due to its robust feature set and fewer false positives, which enhance developer efficiency.
Features: Checkmarx One provides comprehensive vulnerability scanning without needing to compile, supports major programming languages, and offers precise remediation guidance. It integrates well with CI/CD pipelines and source control systems, enhancing efficiency throughout the SDLC. OpenText Static Application Security Testing is effective but lacks some advanced features and flexibility, limiting its potential compared to Checkmarx.
Room for Improvement: Checkmarx One could increase its value by reducing false positives, improving reporting detail, and expanding language support. Improved integration of features like IAST would enhance its effectiveness. OpenText should focus on reducing false positives, enhancing language support, addressing its high pricing, and ensuring more intuitive user interfaces.
Ease of Deployment and Customer Service: Checkmarx offers versatile deployment options, supporting both cloud and on-premises environments. Its technical support is regarded as prompt and knowledgeable. OpenText's focus is primarily on traditional deployment models, with hybrid solutions being less common. Customer service for OpenText is positively reviewed but considered slower in response compared to Checkmarx.
Pricing and ROI: Checkmarx is considered costly, but users find its feature richness justifies the price. Its flexible licensing and ability to reduce application downtime contribute to a positive ROI. OpenText, although also expensive, provides comprehensive components within its licensing, but the cost remains high for small businesses. Both solutions offer potential ROI through improved security and reduced time to market, although Checkmarx's efficiency often provides quicker returns.
The technical support has been good because we always received answers to our questions.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
Fortify Static Code Analyzer integrates well and is scalable.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
I would rate the product stability as an eight.
The stability of Fortify Static Code Analyzer is generally good.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
We would appreciate it if the AI could give us more information about improvements and reduce the number of false positives, but this solution doesn't have this function yet.
While it includes all the OWASP top factors, AI has come into the picture, so those updates should also be considered.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?
Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. Combined with Sonatype Nexus, it achieves secure code and library management effectively.