Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs PyCharm comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Ranking in Static Code Analysis
2nd
Average Rating
7.6
Number of Reviews
69
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
PyCharm
Ranking in Static Code Analysis
7th
Average Rating
8.8
Number of Reviews
10
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Srujan Panuganti - PeerSpot reviewer
Nov 16, 2022
Convenient to use and surely increases the effectiveness of software development
Our company uses the solution for software projects with robotic operating systems. Software that we build is very complex in usage.  The solution has a nice environment and extensions that make it easy to develop software. A good repository of packages can be installed easily and used quickly.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Apart from software scanning, software composition scanning is valuable."
"The solution allows us to create custom rules for code checks."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The solution is scalable, but other solutions are better."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The best feature of PyCharm is that it gives you hints whenever it detects any issues while you are coding. This is important because it helps us code faster and without any errors."
"The solution has a great debugging feature."
"The automated package installation is helpful. I like the code highlighting features. A huge library of plugins is available, including AI coding tools, though I don't use those myself. The debugging tools are good, showing errors and problem lines."
"The solution has a nice environment and extensions that make it easy to develop software."
"We have integrated the tool with GitHub. PyCharm provides easy integration with GitHub, allowing us to push changes directly. Many plugins are available on PyCharm for GitHub integration, including GitHub Copilot for auto code completion and GitHub Copilot Chat for assistance with code-related queries."
"Good syntax highlighting and very it's very customizable."
"The recent AI-powered code completion is pretty cool."
"It is an excellent, fully integrated IDE with smart code analysis capability and a built-in debugger. It is a fantastic tool."
 

Cons

"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx needs improvement in its Dynamic Application Security Testing (DAST) and API security features."
"I can't create a business case with multiple-factor authentication."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The solution is heavy because running it on laptops consumes a lot of memory and power. Typically, a laptop battery might last about eight to nine hours, but with the tool running, it reduces to two hours or one and a half hours at most. It is designed to handle large projects and heavy tasks, making it resource-intensive. For smaller projects, use IDEs like Visual Studio Code."
"The solution does not support some features of OpenCV even though it is part of a PyCharm package."
"There is room for improvement in memory usage. It uses too much memory. It can get a bit heavy, especially when you have too many open files and the system becomes very slow."
"The user interface and overall user experience could be more intuitive to make it easier for users to navigate and utilize the software effectively."
"Customizing the tool can make it complicated."
"There should be support for the RUST plugin in the Community edition for debugging."
"PyCharm's use of system resources can get pretty heavy. Loading, in particular, takes longer than I would like and I think they should optimize it so that it's a bit lighter on the system."
"They should improve the product's interactiveness."
 

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"I believe pricing is better compared to other commercial tools."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"It is an expensive solution."
"It is a good product but a little overpriced."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The community edition is free, which is good."
"The price is reasonable."
"They have a free Community edition, and they also have a licensed version. They definitely have an annual license. They probably also have a monthly license. Its pricing is good and reasonable. It is a little bit more expensive than the others, but it is well worth it. I would rate it a four out of five in terms of pricing."
"The community edition is free and the professional edition has a licensing fee."
"I use the free community version, so I'm saving money there."
"I don't have much info on the pricing, but I would say it is somewhat competitive."
report
Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.
807,508 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What do you like most about PyCharm?
The integrated code structure makes coding more organized and manageable compared to using Python alone.
What needs improvement with PyCharm?
Customizing the tool can make it complicated.
What is your primary use case for PyCharm?
I use PyCharm as my main IDE for Python coding.
 

Comparisons

No data available
 

Learn More

Video not available
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. PyCharm and other solutions. Updated: September 2024.
807,508 professionals have used our research since 2012.