No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx SAST vs Rapid7 AppSpider comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx SAST
Ranking in Static Application Security Testing (SAST)
21st
Average Rating
7.6
Reviews Sentiment
6.0
Number of Reviews
5
Ranking in other categories
No ranking in other categories
Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
30th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx SAST is 1.6%, up from 1.2% compared to the previous year. The mindshare of Rapid7 AppSpider is 0.8%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Checkmarx SAST1.6%
Rapid7 AppSpider0.8%
Other97.6%
Static Application Security Testing (SAST)
 

Featured Reviews

Tharindu Malwenna - PeerSpot reviewer
Senior Application Security Engineer at a newspaper with 5,001-10,000 employees
Has supported early vulnerability detection but requires tuning to reduce false positives and scanning delays
When assessing the accuracy and efficiency of Checkmarx SAST scanning capabilities, they are currently recommending that doing the full scan is the main, correct way of scanning the repositories. However, based on the repository size we have, it sometimes takes more than 10 minutes for larger repositories, which is a downside. The accuracy of the results depends on various factors, as some of the test folders tend to give us false positives, which makes a huge impact on the vulnerabilities. Those are the major things that we have to fine-tune from our end. I would rate Checkmarx SAST around a seven, as it does have some false positives we have to work with, which are the major concerning things. The number of false positives is significant because we cannot implement policies because of this.
HW
Marketing Expert at J's communication
Clients benefit from broad authentication and effective crawling but need localization improvements
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The detailed reports from Checkmarx SAST help with our security process by showing details about which line is actually vulnerable, which is beneficial for the developers, and I do not have any suggestions or inputs on that area."
"This helps us a lot in identifying vulnerabilities in early stages, and the integration within the IDEs helps developers get the results into their IDE itself, making it easier for them to fix vulnerabilities."
"The most important feature is that Checkmarx protects our company against attacks."
"The CX1 is a unified platform that covers all components such as SAST, SCA, DAST, container scanning, and infrastructure code, which is quite beneficial because some clients need one-stop solutions for all their needs."
"The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding."
"This solution is a leader in the industry."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The solution is highly stable, rated at ten out of ten."
"Customer service has been quite good."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"It scans all the components developed within a web application."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"It is really accurate and the rate of false positives is very low."
 

Cons

"The main challenge with Checkmarx SAST is the price. The price is a challenge because Checkmarx SAST is a very big brand, and many mid-sized companies cannot afford it as they are very price-conscious."
"I believe that nothing in particular could be improved about Checkmarx SAST, only the turnaround time and the fact that technical account managers keep moving around, which leads to some lag in communication."
"We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue."
"The on-premises version is more expensive compared to the cloud version."
"The accuracy of the results depends on various factors, as some of the test folders tend to give us false positives, which makes a huge impact on the vulnerabilities."
"Integration could be better. For example, while doing the scanning, using the recording username and passwords, there are issues."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"Support response times are slow and can be improved."
"This price of this solution is a little bit expensive."
 

Pricing and Cost Advice

Information not available
"The licensing cost depends on the number of users."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price is pretty fair."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
10%
Manufacturing Company
9%
Comms Service Provider
7%
Manufacturing Company
11%
University
10%
Financial Services Firm
10%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise1
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx SAST?
We were users in a small country, and we paid one consolidated bill for all the tools, so I don't know the specific amount for Checkmarx.
What needs improvement with Checkmarx SAST?
I believe that nothing in particular could be improved about Checkmarx SAST, only the turnaround time and the fact that technical account managers keep moving around, which leads to some lag in com...
What is your primary use case for Checkmarx SAST?
I manage the application security side of the products here, currently utilizing solutions such as Checkmarx, Akamai, Traceable, and Invicti, which are the security scanning tools that we use. In t...
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
 

Also Known As

SAST
AppSpider
 

Overview

 

Sample Customers

Information Not Available
Microsoft
Find out what your peers are saying about Checkmarx SAST vs. Rapid7 AppSpider and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.