IT Central Station is now PeerSpot: Here's why

Checkmarx Software Composition Analysis vs JFrog Xray comparison

Cancel
You must select at least 2 products to compare!
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own.""One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely.""What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist.""What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."

More Checkmarx Software Composition Analysis Pros →

"Good reporting functionalities."

More JFrog Xray Pros →

Cons
"It can have better licensing models.""Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx.""In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours.""Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."

More Checkmarx Software Composition Analysis Cons →

"Lacks deeper reporting, the ability to compare things."

More JFrog Xray Cons →

Pricing and Cost Advice
  • "It is a little bit high priced. It would be better if it was a little less expensive."
  • "Pricing for Checkmarx Software Composition Analysis needs to be competitive."
  • More Checkmarx Software Composition Analysis Pricing and Cost Advice →

    Information Not Available
    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    619,967 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take… more »
    Top Answer:It is a little bit high priced. It would be better if it was a little less expensive.
    Top Answer:Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are… more »
    Top Answer:Good reporting functionalities.
    Top Answer:I'd like to see deeper reporting, they're pretty basic and there are no categories for comparing things. I'd also like to see an improvement with the documentation, there's not much available on their… more »
    Top Answer:I'm using this solution for scanning artifacts related to the Jfrog Artifactory. I'm scanning them, checking licenses and things like that. I'm a DevOps engineer intern and we are customers of JFrog.
    Ranking
    Views
    1,576
    Comparisons
    1,326
    Reviews
    3
    Average Words per Review
    413
    Rating
    8.7
    Views
    6,112
    Comparisons
    5,070
    Reviews
    1
    Average Words per Review
    211
    Rating
    8.0
    Comparisons
    Also Known As
    CxSCA
    Learn More
    Overview

    Today's software is constructed using open source components and third-party libraries, tied together with custom code. Hackers target vulnerable open source components to access sensitive and valuable data, while data protection regulations become more stringent in an effort to encourage better software security practices. While all this is happening, DevOps is taking the world by storm and the burden of securing software is rapidly expanding under the purview of the developers who create it.

    Trust us, we get it. You're caught between a strong desire to innovate and a sincere dislike of having your company’s name on the news as “the most recent data breach.”

    That's why we made CxSCA, the most effective next-gen software composition analysis solution designed to help development teams ship secure software quickly while giving AppSec teams the insight and control they need to improve your software security risk posture.

    JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

    If you are a team player and you care and you play to WIN, we have just the job you're looking for.

    As we say at JFrog: "Once You Leap Forward You Won't Go Back!"​

    Offer
    Learn more about Checkmarx Software Composition Analysis
    Try it Now

    Enjoy a free DevOps platform cloud subscription

    Sample Customers
    AXA, Liveperson, Aaron's, Playtech, Morningstar
    google, amazon, cisco, netflix, oracle, vmware, facebook
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm27%
    Computer Software Company22%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Financial Services Firm19%
    Comms Service Provider10%
    Manufacturing Company7%
    Company Size
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise15%
    Large Enterprise73%
    VISITORS READING REVIEWS
    Small Business13%
    Midsize Enterprise13%
    Large Enterprise74%
    Buyer's Guide
    Software Composition Analysis (SCA)
    July 2022
    Find out what your peers are saying about Snyk, GitLab, Mend and others in Software Composition Analysis (SCA). Updated: July 2022.
    619,967 professionals have used our research since 2012.

    Checkmarx Software Composition Analysis is ranked 10th in Software Composition Analysis (SCA) with 4 reviews while JFrog Xray is ranked 9th in Software Composition Analysis (SCA) with 1 review. Checkmarx Software Composition Analysis is rated 9.0, while JFrog Xray is rated 8.0. The top reviewer of Checkmarx Software Composition Analysis writes "Has a straightforward setup, identifies vulnerabilities, and offers good technical support". On the other hand, the top reviewer of JFrog Xray writes "Stable, scalable and offers great reporting functionalities". Checkmarx Software Composition Analysis is most compared with Black Duck, Fortify Static Code Analyzer, FOSSA, Sonatype Nexus Lifecycle and Mend, whereas JFrog Xray is most compared with Black Duck, Snyk, Sonatype Nexus Lifecycle, Fortify Static Code Analyzer and FOSSA.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.