Checkmarx One vs The Fastly Next-Gen WAF (powered by Signal Sciences) comparison

The compared Checkmarx and Fastly solutions aren't in the same category. Checkmarx is ranked #3 in AS , with an average rating of 8.3, and holds a 9.9% mindshare in the category. Fastly is ranked #28 in WAF , with an average rating of 7.5, and holds a 1.0% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 50% of Fastly users who would recommend it.

Checkmarx One

Read 71 Checkmarx One reviews

21,636 Views
17,525 Comparison Views

87% willing to recommend

The Fastly Next-Gen WAF (po...

Read 3 The Fastly Next-Gen WAF (powered by Signal Sciences) reviews

830 Views
672 Comparison Views

50% willing to recommend

Checkmarx One

The Fastly Next-Gen WAF (po...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and The Fastly Next-Gen WAF (powered by Signal Sciences) based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: July 2025).

Buyer's Guide

Application Security Tools

July 2025

Download the complete report

Helped 862,624 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)

The Fastly Next-Gen WAF (po...

Average Rating

7.6

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (28th)

Mindshare comparison

Checkmarx One and The Fastly Next-Gen WAF (powered by Signal Sciences) aren’t in the same category and serve different purposes. Checkmarx One is designed for Application Security Tools and holds a mindshare of 9.9%, down 14.3% compared to last year.
The Fastly Next-Gen WAF (powered by Signal Sciences), on the other hand, focuses on Web Application Firewall (WAF), holds 1.0% mindshare, up 0.7% since last year.

Application Security Tools

Web Application Firewall (WAF)

Featured Reviews

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Shashank N

Security Engineer-DevSecOps at a computer software company with 51-200 employees

Provides good stability, but the agent-based approach could be more convenient

The areas that could be improved in Signal Sciences include the effectiveness of rules, as many didn't function optimally and required custom rule-writing to address bypasses for WAF. Additionally, the agent-based approach presents challenges with managing agents across versions and dependencies on specific application platforms like Apache or NGINX, leading to compatibility issues and complexity in integration. This agent-based system proved particularly difficult to manage.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."

"The most valuable feature is the simple user interface."

"We use the solution for dynamic application testing."

"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."

"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."

"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."

"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."

"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."

More Checkmarx One pros

"Fastly (Signal Sciences) integrates and tags the intermittent traffic based on patterns. It generates signals and provides them in a dashboard where we can view them and decide whether to allow or deny traffic. It's a more advanced and easy-to-navigate dashboard."

"The product's most valuable feature is its ability to set up the rules easily."

"When configuring a web application firewall using Signal Sciences, we configure a rule whereby no one except a few people can access the application."

Cons

"Micro-services need to be included in the next release."

"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."

"If it is a very large code base then we have a problem where we cannot scan it."

"I can't create a business case with multiple-factor authentication."

"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."

"Checkmarx could improve the speed of the scans."

"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."

"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."

More Checkmarx One cons

"Even if we create some custom rules, Signal Sciences cannot capture some of the malicious traffic."

"Fastly don't support caching for China users. That's the only feature lacking compared to Akamai."

"The areas that could be improved in Signal Sciences include the effectiveness of rules, as many didn't function optimally and required custom rule-writing to address bypasses for WAF."

Pricing and Cost Advice

"It is a good product but a little overpriced."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"We have purchased an annual license to use this solution. The price is reasonable."

"The solution is costly."

"The number of users and coverage for languages will have an impact on the cost of the license."

"It is an expensive solution."

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."

"The solution's price is high and you pay based on the number of users."

More Checkmarx One pricing and cost advice

"The product has an affordable cost."

"The pricing is 50% less than Akamai."

"Signal Sciences is pretty cheap compared to other solutions."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

862,624 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Computer Software Company

14%

Manufacturing Company

10%

Government

Computer Software Company

13%

Manufacturing Company

11%

Financial Services Firm

11%

Healthcare Company

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about Signal Sciences?

The product's most valuable feature is its ability to set up the rules easily.

See all answers

What is your experience regarding pricing and costs for Signal Sciences?

The pricing is 50% less than Akamai.

See all answers

What needs improvement with Signal Sciences?

Fastly don't support caching for China users. That's the only feature lacking compared to Akamai.

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 38% of the time

Veracode vs Checkmarx One

Compared 11% of the time

Checkmarx SAST vs Checkmarx One

Compared 7% of the time

OpenText Core Application Security vs Checkmarx One

Compared 5% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Cloudflare vs The Fastly Next-Gen WAF (powered by Signal Sciences)

Compared 18% of the time

AWS WAF vs The Fastly Next-Gen WAF (powered by Signal Sciences)

Compared 15% of the time

Azure Front Door vs The Fastly Next-Gen WAF (powered by Signal Sciences)

Compared 11% of the time

Cloudflare Web Application Firewall vs The Fastly Next-Gen WAF (powered by Signal Sciences)

Compared 9% of the time

F5 Advanced WAF vs The Fastly Next-Gen WAF (powered by Signal Sciences)

Compared 8% of the time

More The Fastly Next-Gen WAF (powered by Signal Sciences) Competitors

Product Reports

Buyer's Guide

Checkmarx One

July 2025

Download Checkmarx One product report

Buyer's Guide

Web Application Firewall (WAF)

July 2025

The Fastly Next-Gen WAF (powered by Signal Sciences) report

Download The Fastly Next-Gen WAF (powered by Signal Sciences) product report

Also Known As

No data available

Signal Sciences Next-Gen WAF, Signal Sciences RASP

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

The Fastly Next-Gen WAF (powered by Signal Sciences) provides web application and API protection, RASP, rate limiting, bot protection and DDoS purpose built to eliminate the challenges of legacy WAF.

Fastly

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Chef, Adobe, Datadog, Etsy, GrubHub, Vimeo, SendGrid, Under Armour, Duo, AppNexus

Buyer's Guide

Application Security Tools

July 2025

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: July 2025.

DOWNLOAD NOW

862,624 professionals have used our research since 2012.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.