No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs Salt Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in API Security
4th
Ranking in AI Security
3rd
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Container Security (14th), Static Code Analysis (2nd), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd)
Salt Security
Ranking in API Security
5th
Ranking in AI Security
21st
Average Rating
8.6
Reviews Sentiment
8.5
Number of Reviews
3
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the API Security category, the mindshare of Checkmarx One is 6.7%, up from 6.1% compared to the previous year. The mindshare of Salt Security is 6.9%, down from 12.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
API Security Mindshare Distribution
ProductMindshare (%)
Checkmarx One6.7%
Salt Security6.9%
Other86.4%
API Security
 

Featured Reviews

Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
Tbaker Baker - PeerSpot reviewer
Risk Advisory Senior Manager at a marketing services firm with 1,001-5,000 employees
Behavioral AI has protected critical applications and now blocks complex external attacks
I think Salt Security could improve their implementations. The one that I saw was very complex and took quite a bit of time, and if the environment is unique at all, it takes quite a bit of time to figure out how to properly ensure that it will be implemented. A lot of times there is a steep learning curve for someone that hasn't been in it to figure out the APIs and really dig deep into it, but once you get used to it, it is easy. However, that ramp-up period could be tough. I think Salt Security could use a more enterprise focus. Some of the smaller companies that I have referred them to think it is a little bit too complex for them, so if they could come up with a different version or something a little bit easier to simplify their platform, they may be able to find more customers that way.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the most valuable features is it is flexible."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"Providing the scanning ability that shows the errors at the source code level is critical to have effective development of any critical application."
"The visibility the solution gives you is great; it really gives you the ability to see what the root issues in the code actually are."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"Both automatic and manual code review (CxQL) are valuable."
"Checkmarx One has positively impacted our organization as we tend to find vulnerabilities very early in the development cycle."
"Helps us check vulnerabilities in our SAP Fiori application."
"Salt Security has positively impacted my organization and my client's organization by being able to stop cyberattacks and ensure that they have proper security over all their applications, giving them a sense of peace of mind that they have security over something that could ultimately take down the whole company if not mitigated properly."
"Salt Security gives you visibility of all your APIs, identifies API security issues, and immediately alerts you of attacks."
"Salt Security gave me much better visibility into API risk, helping me identify exposed endpoints, misconfigured APIs, and sensitive data flowing through APIs that required additional controls, and it has become an important part of my API security program."
"It's really great. I would rate the stability a nine out of ten. I haven't encountered any instability issues."
 

Cons

"Micro-services need to be included in the next release."
"When we have many applications to check, I need to wait a long time in the queue."
"Checkmarx could be improved with more integration with third-party software."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Checkmarx is not good because it has too many false positive issues."
"The setup cost was acceptable, but adding additional APIs was actually quite expensive."
"The integration part could be a bit extended."
"Regarding scalability, for users in smaller environments, it is not exactly the best."
 

Pricing and Cost Advice

"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"It's relatively expensive."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"It is an expensive solution."
"The solution is costly."
Information not available
report
Use our free recommendation engine to learn which API Security solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Computer Software Company
16%
Manufacturing Company
16%
Construction Company
8%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additional applications and users. I advise negotiating multi-year contracts or bundle...
What is your experience regarding pricing and costs for Salt Security?
The setup cost was acceptable, but adding additional APIs was actually quite expensive.
What needs improvement with Salt Security?
Alert tuning can require some time depending on API volume. Some findings need internal validation before actioning. The collaboration flows between security and engineering teams could be expanded...
What is your primary use case for Salt Security?
I use Salt Security primarily for API discovery, mainly regarding data-sensitive information across the company. Before using Salt Security for API discovery and sensitive information, I didn't hav...
 

Also Known As

No data available
Salt Security API Protection Platform
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Appsflyer, Armis, City National Bank, Coralogix, Finastra, Gett, Honeybook, Payoneer
Find out what your peers are saying about Checkmarx One vs. Salt Security and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.