Checkmarx One vs Seeker comparison

Checkmarx and Black Duck are both solutions in the API Security category. Checkmarx is ranked #5 with an average rating of 8.1, while Black Duck is ranked #22. Checkmarx holds a 6.4% mindshare in APIS, compared to Black Duck’s 1.1% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 100% of Black Duck users who would recommend it.

Checkmarx One

Read 71 Checkmarx One reviews

229 Views
35 Comparison Views

87% willing to recommend

Seeker

Read 1 Seeker review

74 Views
10 Comparison Views

100% willing to recommend

Checkmarx One

Seeker

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Seeker based on real PeerSpot user reviews.

Find out what your peers are saying about Akamai, F5, Salt Security and others in API Security.

To learn more, read our detailed API Security Report (Updated: June 2025).

Buyer's Guide

API Security

June 2025

Download the complete report

Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Ranking in API Security

5th

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), DevSecOps (4th), Risk-Based Vulnerability Management (9th)

Seeker

Ranking in API Security

22nd

Average Rating

7.0

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Internet Security (18th), Mobile Threat Defense (14th)

Mindshare comparison

As of June 2025, in the API Security category, the mindshare of Checkmarx One is 6.4%, up from 3.3% compared to the previous year. The mindshare of Seeker is 1.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

API Security

Featured Reviews

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

San K

Senior Group Leader at Infosys

More effective than dynamic scanners, but is missing useful learning capabilities

One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Vulnerability details is valuable."

"Apart from software scanning, software composition scanning is valuable."

"The solution communicates where to fix the issue for the purpose of less iterations."

"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."

"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."

"The user interface is modern and nice to use."

"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."

More Checkmarx One pros

"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."

Cons

"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."

"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."

"Checkmarx could improve the REST APIs by including automation."

"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."

"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."

"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."

"Implementing a blackout time for any user or teams: Needs improvement."

"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."

More Checkmarx One cons

"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."

Pricing and Cost Advice

"The solution's price is high and you pay based on the number of users."

"It's relatively expensive."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."

"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

More Checkmarx One pricing and cost advice

"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."

See which vendors are best for you

Use our free recommendation engine to learn which API Security solutions are best for your needs.

See recommendations

856,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

22%

Government

16%

Computer Software Company

13%

Manufacturing Company

11%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

Ask a question

Earn 20 points

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 36% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Checkmarx SAST vs Checkmarx One

Compared 6% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Contrast Security Assess vs Seeker

Compared 40% of the time

Coverity vs Seeker

Compared 28% of the time

PortSwigger Burp Suite Professional vs Seeker

Compared 17% of the time

More Seeker Competitors

Product Reports

Buyer's Guide

Checkmarx One

June 2025

Download Checkmarx One product report

Buyer's Guide

Internet Security

May 2025

Download Seeker product report

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Seeker®, interactive application security testing (IAST) solution, gives you unparalleled visibility into your modern web, cloud based and microservices based app security posture. It automatically verifies, prioritizes and reports on critical vulnerabilities in real time. It identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed.

Black Duck

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

El Al Airlines and Société Française du Radiotelephone

Find out what your peers are saying about Akamai, F5, Salt Security and others in API Security. Updated: June 2025.

DOWNLOAD NOW

856,873 professionals have used our research since 2012.

See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.