Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Software Risk Manager ASPM comparison

Checkmarx and Black Duck are both solutions in the Application Security Posture Management (ASPM) category. Additionally, 87% of Checkmarx users are willing to recommend the solution.
Checkmarx One
Read 71 Checkmarx One reviews
    87% willing to recommend
    Software Risk Manager ASPM
    Read 1 Software Risk Manager ASPM review
    • 715 Views
    • 272 Comparison Views
    0% willing to recommend
     

    Comparison Buyer's Guide

    Download the report
    Executive SummaryUpdated on Sep 15, 2025

    Checkmarx One and Software Risk Manager ASPM compete in application security, with Checkmarx One having an advantage in threat analysis and integration, while Software Risk Manager ASPM excels in risk management solutions.

    Features:Checkmarx One offers extensive code analysis, real-time feedback for developers, and seamless integration with various development environments. Software Risk Manager ASPM is known for predictive risk assessment, strategic security planning, and robust risk management capabilities.

    Ease of Deployment and Customer Service:Checkmarx One provides cloud-based deployment, minimizing setup time, with comprehensive support options. Software Risk Manager ASPM enables localized server installation for specific regulations, offering responsive and personalized customer service.

    Pricing and ROI:Checkmarx One has a flexible pricing model emphasizing long-term ROI through security efficiency, with its comprehensive coverage balancing higher initial costs. Software Risk Manager ASPM features a modular pricing structure, allowing tailored feature selection for focused risk management, providing attractive ROI with cost control.

    DOWNLOAD THE COMPLETE REPORT
    To learn more, read our detailed Application Security Posture Management (ASPM) Report (Updated: September 2025).
    Buyer's Guide
    Application Security Posture Management (ASPM)
    September 2025
    Download the complete report
    Helped 867,826 peers since 2012

    Review summaries and opinions

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Categories and Ranking

    Checkmarx One
    Ranking in Static Application Security Testing (SAST)
    3rd
    Average Rating
    7.6
    Reviews Sentiment
    6.9
    Number of Reviews
    71
    Ranking in other categories
    Application Security Tools (3rd), Vulnerability Management (23rd), Container Security (22nd), Static Code Analysis (3rd), API Security (5th), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
    Software Risk Manager ASPM
    Ranking in Static Application Security Testing (SAST)
    34th
    Average Rating
    0.0
    Reviews Sentiment
    7.0
    Number of Reviews
    1
    Ranking in other categories
    Software Composition Analysis (SCA) (27th), Application Security Posture Management (ASPM) (11th)
     

    Featured Reviews

    Syed Hasan - PeerSpot reviewer
    Partner experiences excellent technical support and seamless initial setup
    In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
    Read full review
    Saravanan_Radhakrishnan - PeerSpot reviewer
    Facilitates continuous assessment of applications, covering both static and dynamic security aspects
    Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
    Read full review

    Quotes from Members

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Pros

    "The most valuable features of Checkmarx are the automation and information that it provides in the reports."
    "The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
    "Both automatic and manual code review (CxQL) are valuable."
    "It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
    "We use the solution to validate the source code and do SAST and security analysis."
    "The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
    "The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
    "The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
    More Checkmarx One pros
    "The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
     

    Cons

    "The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
    "The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
    "Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
    "Its user interface could be improved and made more friendly."
    "The integration could improve by including, for example, DevSecOps."
    "I would like to see the rate of false positives reduced."
    "We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
    "They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
    More Checkmarx One cons
    "The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
     

    Pricing and Cost Advice

    "Be cautious of the one-year subscription date. Once it expires, your price will go up."
    "The solution is costly."
    "I believe pricing is better compared to other commercial tools."
    "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
    "For around 250 users or committers, the cost is approximately $500,000."
    "This solution is expensive. The customized package allows you to buy additional users at any time."
    "It is an expensive solution."
    "The price of Checkmarx could be reduced to match their competitors, it is expensive."
    More Checkmarx One pricing and cost advice
    "It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
    report
    See which vendors are best for you
    Use our free recommendation engine to learn which Application Security Posture Management (ASPM) solutions are best for your needs.
    See recommendations
    867,826 professionals have used our research since 2012.
     

    Top Industries

    By visitors reading reviews
    Financial Services Firm
    19%
    Computer Software Company
    13%
    Manufacturing Company
    10%
    Government
    6%
    Financial Services Firm
    18%
    Manufacturing Company
    12%
    Government
    9%
    Computer Software Company
    9%
     

    Company Size

    By reviewers
    Large Enterprise
    Midsize Enterprise
    Small Business
    By reviewers
    Company SizeCount
    Small Business30
    Midsize Enterprise9
    Large Enterprise38
    No data available
     

    Questions from the Community

    What alternatives are there for Fortify WebInspect and Fortify SCA?
    I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    See all answers
    What do you like most about Checkmarx?
    Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    See all answers
    What is your experience regarding pricing and costs for Checkmarx?
    The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
    See all answers
    What do you like most about Synopsys Code Dx?
    The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...
    See all answers
    What is your experience regarding pricing and costs for Synopsys Code Dx?
    I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...
    See all answers
    What needs improvement with Synopsys Code Dx?
    Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer migh...
    See all answers
     

    Comparisons

    SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
    SonarQube Server (formerly SonarQube) vs Checkmarx One
    Compared 42% of the time
    Veracode vs Checkmarx One Logo
    Veracode vs Checkmarx One
    Compared 8% of the time
    Checkmarx SAST vs Checkmarx One Logo
    Checkmarx SAST vs Checkmarx One
    Compared 7% of the time
    OpenText Core Application Security vs Checkmarx One Logo
    OpenText Core Application Security vs Checkmarx One
    Compared 5% of the time
    OWASP Zap vs Checkmarx One Logo
    OWASP Zap vs Checkmarx One
    Compared 4% of the time
    More Checkmarx One Competitors
    Veracode vs Software Risk Manager ASPM Logo
    Veracode vs Software Risk Manager ASPM
    Compared 37% of the time
    SonarQube Server (formerly SonarQube) vs Software Risk Manager ASPM Logo
    SonarQube Server (formerly SonarQube) vs Software Risk Manager ASPM
    Compared 18% of the time
    Acunetix vs Software Risk Manager ASPM Logo
    Acunetix vs Software Risk Manager ASPM
    Compared 15% of the time
    Semgrep vs Software Risk Manager ASPM Logo
    Semgrep vs Software Risk Manager ASPM
    Compared 15% of the time
    PortSwigger Burp Suite Professional vs Software Risk Manager ASPM Logo
    PortSwigger Burp Suite Professional vs Software Risk Manager ASPM
    Compared 14% of the time
    More Software Risk Manager ASPM Competitors
     

    Product Reports

    Buyer's Guide
    Checkmarx One
    September 2025
    Checkmarx One reportDownload Checkmarx One product report
    Buyer's Guide
    Application Security Posture Management (ASPM)
    September 2025
    Software Risk Manager ASPM reportDownload Software Risk Manager ASPM product report
     

    Also Known As

    No data available
    Code Dx
     

    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    Checkmarx

    Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

    Black Duck
     

    Sample Customers

    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
    Buyer's Guide
    Application Security Posture Management (ASPM)
    September 2025
    Download Free Report
    Find out what your peers are saying about Snyk, Veracode, CrowdStrike and others in Application Security Posture Management (ASPM). Updated: September 2025.
    DOWNLOAD NOW
    867,826 professionals have used our research since 2012.

    We monitor all Application Security Posture Management (ASPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.