We performed a comparison between Checkmarx One and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI is very intuitive and simple to use."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Both automatic and manual code review (CxQL) are valuable."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Its ability to crawl a web application is quite different than another similar scanner."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The scanner is light on the network and does not impact the network when scans are running."
"Invicti is a good product, and its API testing is also good."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The solution generates reports automatically and quickly."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the rate of false positives reduced."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"I would like to see the DAST solution in the future."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The scannings are not sufficiently updated."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"Invicti takes too long with big applications, and there are issues with the login portal."
"Maybe the ability to make a good reporting format is needed."
"Right now, they are missing the static application security part, especially web application security."
"The custom attack preparation screen might be improved."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Checkmarx One is rated 7.6, while Invicti is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and SonarQube. See our Checkmarx One vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.