
Checkmarx One vs Rapid7 InsightVM comparison

 

 

Categories and Ranking

Checkmarx One
Ranking in Risk-Based Vulnerability Management: 5th
Average Rating: 7.6
Reviews Sentiment: 7.9
Number of Reviews: 70
Ranking in other categories: Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd)

Rapid7 InsightVM
Ranking in Risk-Based Vulnerability Management: 4th
Average Rating: 8.0
Number of Reviews: 59
Ranking in other categories: No ranking in other categories
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve. The solution's user interface…
Shakeel Ahmad - PeerSpot reviewer
Dec 8, 2022
Brilliant audit report and scorecard but scans often get blocked by firewalls
Our company uses the Nexpose automation tools for validity, deactivation, assessment, and penetration testing. We can easily see if something has been exposed and manually focus on or follow main vulnerabilities.  We have 28 users and a JV license key for using the solution in our offline systems…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The UI is user-friendly."
"Vulnerability details is valuable."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"Both automatic and manual code review (CxQL) are valuable."
"It has all the features we need."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"It is a stable solution."
"This solution's most useful feature is that it is entirely a single-page application."
"InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine."
"The solution scales well."
"Rapid7 have a good distribution network with good support and market presence."
"One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries."
"The most valuable feature for us is the different types of reporting it provides."
"The solution is very user friendly and easy to manage."
 

Cons

"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I would like to see the rate of false positives reduced."
"Implementing a blackout time for any user or teams: Needs improvement."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
"It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform."
"The solution should include a tighter integration with third-party threat modeling and threat intelligence tools."
"In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time."
"Some difficulties with the online reporting and lack of integrations."
"The reporting is very bad when you compare it with other vulnerability assessment tools."
"Rapid7 InsightVM should improve its threat intelligence."
"Rapid7 could be easier to manage."
 

Pricing and Cost Advice

"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"The tool's pricing is fine."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The number of users and coverage for languages will have an impact on the cost of the license."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"The solution's price is high and you pay based on the number of users."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"Comparing the price with the value that we receive, I am not happy with it."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"I do not have experience with the pricing of the solution."
"The licensing is asset-based and very straightforward."
"Licensing fees are paid on a yearly basis."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
812,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Financial Services Firm: 21%
Computer Software Company: 15%
Manufacturing Company: 10%
Government: 5%

Educational Organization: 39%
Computer Software Company: 10%
Financial Services Firm: 7%
Manufacturing Company: 6%
 

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
 

Also Known As

No data available
InsightVM, NeXpose
 


 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Checkmarx One vs. Rapid7 InsightVM and other solutions. Updated: September 2024.