Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs ServiceNow Security Operations comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Ranking in Risk-Based Vulnerability Management
5th
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd)
ServiceNow Security Operations
Ranking in Risk-Based Vulnerability Management
9th
Average Rating
8.0
Number of Reviews
19
Ranking in other categories
Security Incident Response (2nd), Security Orchestration Automation and Response (SOAR) (9th)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
KishoreKumar4 - PeerSpot reviewer
Jul 22, 2024
A low-cost and open-source tool for incident and change management
If we encounter challenges while deploying, we raise incidents. These incidents are categorized by priority: high, medium, and low. We assign an incident number and notify the relevant teams to address the issue. For instance, if we experience a problem with Cloud services or any other issue, we…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution to validate the source code and do SAST and security analysis."
"The SAST component was absolutely 100% stable."
"The most valuable feature for me is the Jenkins Plugin."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The solution allows us to create custom rules for code checks."
"One of the most valuable features is it is flexible."
"Less false positive errors as compared to any other solution."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The ease of use is great."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"Multiple projects use the ServiceNow tool because it is a low-cost and open-source tool."
"The product has a very simple UI."
"My favorite feature is the application vulnerability scanner."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
 

Cons

"The solution sometimes reports a false auditable code or false positive."
"Checkmarx could improve by reducing the price."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"It is an expensive solution."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The validation process needs to be sped up."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"There is room for improvement in terms of developer support and documentation."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"The dashboard and playbook creation will need to improve"
"The threat intelligence module needs a better dashboard."
 

Pricing and Cost Advice

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"I believe pricing is better compared to other commercial tools."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The tool's pricing is fine."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The solution is costly."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"The product is more expensive than other solutions."
"It is an expensive product."
"This product is a good value for the money."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
812,628 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Financial Services Firm
20%
Computer Software Company
11%
Government
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What do you like most about ServiceNow Security Operations?
The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.
What is your experience regarding pricing and costs for ServiceNow Security Operations?
The product is more expensive than other solutions like Archer but offers more features, making the pricing justifiable.
What needs improvement with ServiceNow Security Operations?
One area for improvement for the product is the need to tailor and alter some codes for customization, which can cause issues during upgrades. It does not support customized operations.
 

Learn More

Video not available
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about Checkmarx One vs. ServiceNow Security Operations and other solutions. Updated: September 2024.
812,628 professionals have used our research since 2012.