Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Rapid7 InsightVM comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 6, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Vulnerability Management (18th), Continuous Threat Exposure Management (CTEM) (2nd)
Checkmarx One
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
64
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Anusha Sadasivani - PeerSpot reviewer
Rapid deployment and user-friendly architecture streamline vulnerability management but customer support response needs improvement
We are still using Rapid7 InsightVM I personally still use Rapid7 InsightVM. We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy. The agentless scan in Rapid7 InsightVM is effective and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Zafran is an excellent tool."
"We saw benefits from Zafran Security almost immediately after deploying it."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Helps us check vulnerabilities in our SAP Fiori application."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The most valuable feature for me is the Jenkins Plugin."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable feature is the application tracking reporting."
"The most valuable feature for us is the different types of reporting it provides."
"The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
"When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem."
"The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."
"The reports in Rapid7 InsightVM are useful when compared to competitors."
"The solution's user interface is good and has some vulnerability prioritization."
"The product is scalable."
"It is good and fits well with pretty much all of our use case needs."
 

Cons

"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the tool’s pricing improved."
"The pricing can get a bit expensive, depending on the company's size."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"It is an expensive solution."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Reporting could be expanded."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"The platform could be more intuitive and user-friendly."
"We have some issues with how it scans patches."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management."
"The product's documentation could be enhanced with clearer and more detailed instructions."
"Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."
 

Pricing and Cost Advice

Information not available
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"I do not have experience with the pricing of the solution."
"Comparing the price with the value that we receive, I am not happy with it."
"We purchase annual licenses."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
7%
Healthcare Company
6%
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Educational Organization
13%
Financial Services Firm
12%
Computer Software Company
12%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
The current pricing of Zafran Security is fair overall. They were good to work with to accommodate our organization w...
What needs improvement with Zafran Security?
The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvement...
What is your primary use case for Zafran Security?
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt reme...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
The customers are mostly SMBs, though some enterprise organizations have also deployed the solution. This is neither ...
 

Also Known As

No data available
No data available
InsightVM, NeXpose
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Checkmarx One vs. Rapid7 InsightVM and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.