We performed a comparison between Mend and Checkmarx based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Mend comes out ahead of Chechmarx. While both possess flexibility and good vulnerability compliance, Checkmarx’s modular licensing and data search tools leave room for improvement.
"The UI is very intuitive and simple to use."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The user interface is excellent. It's very user friendly."
"The solution is scalable, but other solutions are better."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The user interface is modern and nice to use."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"Its ease of use and good results are the most valuable."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Checkmarx could be improved with more integration with third-party software."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"I would like to see the rate of false positives reduced."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"I would like to see the static analysis included with the open-source version."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The dashboard UI and UX are problematic."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"The UI is not that friendly and you need to learn how to navigate easily."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Checkmarx One is rated 7.6, while Mend.io is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and OWASP Zap, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and JFrog Xray. See our Checkmarx One vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.