We performed a comparison between Checkmarx One and Rapid7 InsightVM based on real PeerSpot user reviews.
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The only thing I like is that Checkmarx does not need to compile."
"It is a stable product."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
"The most valuable feature for us is the different types of reporting it provides."
"The most valuable feature for me is the risk calculation based on monthly effects."
"It is a stable solution."
"InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine."
"It's very scalable."
"The remediation project is pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant."
"I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
"We can run only one project at a time."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The solution needs to improve its vulnerability design to include CVC results."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"There need to be much clearer instructions surrounding scanning."
"We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."
"They should improve the cybersecurity feature of the solution."
"The InsightVM cannot scan if we connect to our customer by the VPN."
"The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."
"I would say that it improved our visibility, but it left things open."
Checkmarx One is ranked 5th in Risk-Based Vulnerability Management with 67 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. Checkmarx One is rated 7.6, while Rapid7 InsightVM is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Rapid7 InsightIDR.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.