• Home
  • Checkmarx One vs. Rapid7 InsightVM

Checkmarx One vs Rapid7 InsightVM comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
0 views|22 comparisons
86% willing to recommend
Rapid7 Logo
Rapid7 InsightVM
Read 55 Rapid7 InsightVM reviews
6,202 views|4,105 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Risk-Based Vulnerability Management
April 2024
Executive Summary

We performed a comparison between Checkmarx One and Rapid7 InsightVM based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management.
To learn more, read our detailed Risk-Based Vulnerability Management Report (Updated: April 2024).
Download the complete report
769,599 professionals have used our research since 2012.
Featured Review
Prakash Ganesan
A good compliance solution that is best suited to small scale applications, and suffers from stability issues
This solution helps to remediate the compliance requirements we have. The product also increases the quality of the code the developers are able to... Read more →
MuhammadMurtaza
Comprehensive vulnerability management with robust set of features, making it highly effective for enhancing security...
It aids in enhancing the overall security posture within our organization. It uncovered numerous vulnerabilities that had been overlooked, which... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled.""The only thing I like is that Checkmarx does not need to compile.""It is a stable product.""The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete.""The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for.""The most valuable features of Checkmarx are the automation and information that it provides in the reports.""It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."

More Checkmarx One Pros →

"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard.""The most valuable feature for us is the different types of reporting it provides.""The most valuable feature for me is the risk calculation based on monthly effects.""It is a stable solution.""InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine.""It's very scalable.""The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant.""I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

More Rapid7 InsightVM Pros →

Cons
"We can run only one project at a time.""The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information.""You can't use it in the continuous delivery pipeline because the scanning takes too much time.""I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time).""Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.""Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?""It would be really helpful if the level of confidence was included, with respect to identified issues.""Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."

More Checkmarx One Cons →

"The solution needs to improve its vulnerability design to include CVC results.""A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.""There needs to be much clearer instructions surrounding scanning.""We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.""They should improve the cybersecurity feature of the solution.""The InsightVM cannot scan if we connect to our customer by the VPN.""The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it.""I would say that it improved our visibility, but it left things open."

More Rapid7 InsightVM Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "The price of the solution is less than the competitors."
  • "I do not have experience with the pricing of the solution."
  • "This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
  • "The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization."
  • "Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
  • "The licensing is asset-based and very straightforward."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Comparing the price with the value that we receive, I am not happy with it."

    • More Rapid7 InsightVM Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
    See Recommendations
    769,599 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    How would you choose between Rapid7 InsightVM and Tenable Nessus?
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid7… more »
    Read all 2 answers   →
    What do you like most about Rapid7 InsightVM?
    Top Answer:The product's initial setup phase was very easy.
    Read all 41 answers   →
    What is your experience regarding pricing and costs for Rapid7 InsightVM?
    Top Answer:The product is cheaper than the other similar tools available in the market.
    Read all 31 answers   →
    Ranking
    5th
    out of 39 in Risk-Based Vulnerability Management
    Views
    0
    Comparisons
    22
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    4th
    out of 39 in Risk-Based Vulnerability Management
    Views
    6,202
    Comparisons
    4,105
    Reviews
    20
    Average Words per Review
    376
    Rating
    8.2
    Comparisons
    Also Known As
    InsightVM, NeXpose
    Learn More
    Checkmarx
    Rapid7
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

    Rapid7 InsightVM Features

    Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

    • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
    • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
    • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
    • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
    • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
    • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
    • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

    Rapid7 InsightVM Benefits

    There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

    • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
    • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
    • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
    • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
    • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
    • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

    An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

    PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

    A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Computer Software Company17%
    Financial Services Firm13%
    Comms Service Provider13%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Educational Organization34%
    Computer Software Company11%
    Financial Services Firm7%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business47%
    Midsize Enterprise20%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise43%
    Large Enterprise41%
    Buyer's Guide
    Risk-Based Vulnerability Management
    April 2024
    Download Free Report
    Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management. Updated: April 2024.
    DOWNLOAD NOW
    769,599 professionals have used our research since 2012.

    Checkmarx One is ranked 5th in Risk-Based Vulnerability Management with 67 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. Checkmarx One is rated 7.6, while Rapid7 InsightVM is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Rapid7 InsightIDR.

    See our list of best Risk-Based Vulnerability Management vendors.

    We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.