Checkmarx Software Composition Analysis vs Synopsys Software Risk Manager comparison

Checkmarx and Black Duck are both solutions in the Software Composition Analysis (SCA) category. Checkmarx is ranked #8 with an average rating of 9.0, while Black Duck is ranked #27. Checkmarx holds a 2.6% mindshare in SCA, compared to Black Duck’s 0.8% mindshare. Additionally, 100% of Checkmarx users are willing to recommend the solution.

Checkmarx Software Composit...

Read 13 Checkmarx Software Composition Analysis reviews

1,239 Views
546 Comparison Views

100% willing to recommend

Synopsys Software Risk Manager

Read 1 Synopsys Software Risk Manager review

321 Views
26 Comparison Views

0% willing to recommend

Checkmarx Software Composit...

Synopsys Software Risk Manager

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx Software Composition Analysis and Synopsys Software Risk Manager based on real PeerSpot user reviews.

Find out what your peers are saying about Black Duck, Snyk, Veracode and others in Software Composition Analysis (SCA).

To learn more, read our detailed Software Composition Analysis (SCA) Report (Updated: June 2025).

Buyer's Guide

Software Composition Analysis (SCA)

June 2025

Download the complete report

Helped 856,278 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx Software Composit...

Ranking in Software Composition Analysis (SCA)

8th

Average Rating

9.0

Reviews Sentiment

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Synopsys Software Risk Manager

Ranking in Software Composition Analysis (SCA)

27th

Average Rating

0.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (36th), Application Security Posture Management (ASPM) (11th)

Mindshare comparison

As of June 2025, in the Software Composition Analysis (SCA) category, the mindshare of Checkmarx Software Composition Analysis is 2.6%, down from 3.0% compared to the previous year. The mindshare of Synopsys Software Risk Manager is 0.8%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

Featured Reviews

Tharindu Malwenna

Senior Application Security Engineer at Wiley

Efficient library identification and upgrade suggestions improve application security

We have many third-party libraries in our organization. I used Checkmarx Software Composition Analysis to identify all the libraries we use and determine whether they are used or unused within the application Checkmarx Software Composition Analysis provides identification of libraries and…

Read full review

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

Facilitates continuous assessment of applications, covering both static and dynamic security aspects

Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We were able to reduce the number of vulnerable libraries by 50%, leading to significant operational improvement."

"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."

"It is a stable solution...It is a scalable solution."

"Checkmarx unifies all the features in its service."

"It has improved identification capabilities, scalability, and integration with AI, such as the AI-powered suggestions."

"It is very easy and user friendly. It never requires any kind of technical support. You can do everything on your own."

"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."

"The product is stable and scalable."

More Checkmarx Software Composition Analysis pros

"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."

Cons

"In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."

"The solution could improve by determining the success factor of an upgrade, which is currently lacking."

"I have received complaints from my customers that the pricing could be improved."

"The quality of technical support has decreased over time, and it is not as good as it used to be."

"It can have better licensing models."

"API security is an area with shortcomings that needs improvement."

"The solution could improve by determining the success factor of an upgrade, which is currently lacking."

"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."

More Checkmarx Software Composition Analysis cons

"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."

Pricing and Cost Advice

"My customers need to pay for the licensing part, and they need to opt for an annual subscription."

"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."

"It is a little bit high priced. It would be better if it was a little less expensive."

"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."

"Pricing for Checkmarx Software Composition Analysis needs to be competitive."

"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."

See which vendors are best for you

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See recommendations

856,278 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

36%

Manufacturing Company

12%

Computer Software Company

Educational Organization

Financial Services Firm

19%

Manufacturing Company

14%

Computer Software Company

13%

Government

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Checkmarx Software Composition Analysis?

The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all...

See all answers

What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?

Pricing is complex and high for small organizations but offers great benefits for larger organizations. It is notably different compared to competitors like GitHub Advanced Security.

See all answers

What needs improvement with Checkmarx Software Composition Analysis?

The solution could improve by determining the success factor of an upgrade, which is currently lacking.

See all answers

What do you like most about Synopsys Code Dx?

The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...

See all answers

What is your experience regarding pricing and costs for Synopsys Code Dx?

I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...

See all answers

What needs improvement with Synopsys Code Dx?

See all answers

Comparisons

JFrog Xray vs Checkmarx Software Composition Analysis

Compared 38% of the time

Black Duck vs Checkmarx Software Composition Analysis

Compared 27% of the time

Sonatype Lifecycle vs Checkmarx Software Composition Analysis

Compared 8% of the time

Semgrep vs Checkmarx Software Composition Analysis

Compared 8% of the time

Polaris Software Integrity Platform vs Checkmarx Software Composition Analysis

Compared 6% of the time

More Checkmarx Software Composition Analysis Competitors

Veracode vs Synopsys Software Risk Manager

Compared 59% of the time

Checkmarx One vs Synopsys Software Risk Manager

Compared 23% of the time

SonarQube Server (formerly SonarQube) vs Synopsys Software Risk Manager

Compared 18% of the time

More Synopsys Software Risk Manager Competitors

Product Reports

Buyer's Guide

Checkmarx Software Composition Analysis

June 2025

Checkmarx Software Composition Analysis report

Download Checkmarx Software Composition Analysis product report

Buyer's Guide

Application Security Posture Management (ASPM)

June 2025

Download Synopsys Software Risk Manager product report

Also Known As

CxSCA

Code Dx

Overview

Checkmarx Software Composition Analysis (SCA) helps organizations manage the risks associated with open source and third-party components in their software applications. While leveraging open source libraries and third-party dependencies is common practice, it can also introduce security vulnerabilities and license risks.

Checkmarx SCA offers a multifaceted approach to managing these risks by:

Automatically scanning project repositories, build configurations, and manifests to create a comprehensive inventory of all components, including version information and associated licenses.
Performing vulnerability assessments on each component, including identifying and prioritizing actual exploitable or reachable vulnerabilities.
Protecting organizations from software supply chain attacks involving malicious packages, such as the XZ Utils backdoor.
Identifying licenses associated and providing insights into license obligations, restrictions, and potential conflicts.
Integrating seamlessly into existing development workflows and CI/CD pipelines.
Providing actionable remediation guidance to help organizations address identified vulnerabilities and compliance issues effectively.

Checkmarx

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck

Sample Customers

AXA, Liveperson, Aaron's, Playtech, Morningstar

Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".

Buyer's Guide

Software Composition Analysis (SCA)

June 2025

Download Free Report

Find out what your peers are saying about Black Duck, Snyk, Veracode and others in Software Composition Analysis (SCA). Updated: June 2025.

DOWNLOAD NOW

856,278 professionals have used our research since 2012.

See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.