Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs NowSecure comparison

Checkmarx and NowSecure are both solutions in the Static Application Security Testing (SAST) category. Checkmarx is ranked #3 with an average rating of 7.7, while NowSecure is ranked #37. Checkmarx holds a 9.8% mindshare in SAST, compared to NowSecure’s 0.2% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 100% of NowSecure users who would recommend it.
Checkmarx One
Read 70 Checkmarx One reviews
  • 20,761 Views
  • 14,081 Comparison Views
87% willing to recommend
NowSecure
Read 1 NowSecure review
  • 373 Views
  • 231 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and NowSecure based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: April 2025).
Buyer's Guide
Static Application Security Testing (SAST)
April 2025
Download the complete report
Helped 850,760 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (10th)
NowSecure
Ranking in Static Application Security Testing (SAST)
37th
Average Rating
7.0
Reviews Sentiment
7.2
Number of Reviews
1
Ranking in other categories
Mobile App Testing Tools (18th)
 

Mindshare comparison

As of May 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.8%, down from 12.9% compared to the previous year. The mindshare of NowSecure is 0.2%, down from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Read full review
AN
Scalable and reliable, but dynamic analysis needs improvement
I would advise others when testing using NowSecure to do secondary tests with other tools. For example, set it up in the local environment and recheck what the results of the reports are. Since the dynamic results are less accurate, I would suggest using static analysis. I rate NowSecure a seven out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"It shows in-depth code of where actual vulnerabilities are."
"Apart from software scanning, software composition scanning is valuable."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"Less false positive errors as compared to any other solution."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
More Checkmarx One pros
"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
 

Cons

"This product requires you to create your own rulesets. You have to do a lot of customization."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"We have received some feedback from our customers who are receiving a large number of false positives."
"The integration could improve by including, for example, DevSecOps."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
More Checkmarx One cons
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
 

Pricing and Cost Advice

"It is a good product but a little overpriced."
"It's relatively expensive."
"The interface used to create custom rules comes at an additional cost."
"For around 250 users or committers, the cost is approximately $500,000."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
More Checkmarx One pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
850,760 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
5%
Financial Services Firm
26%
Computer Software Company
15%
Manufacturing Company
12%
Insurance Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
See all answers
Ask a question
Earn 20 points
 

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Compared 39% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 12% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 6% of the time
Checkmarx SAST vs Checkmarx One Logo
Checkmarx SAST vs Checkmarx One
Compared 5% of the time
OWASP Zap vs Checkmarx One Logo
OWASP Zap vs Checkmarx One
Compared 5% of the time
More Checkmarx One Competitors
Data Theorem API Secure vs NowSecure Logo
Data Theorem API Secure vs NowSecure
Compared 40% of the time
Veracode vs NowSecure Logo
Veracode vs NowSecure
Compared 35% of the time
More NowSecure Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
May 2025
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Mobile App Testing Tools
May 2025
NowSecure reportDownload NowSecure product report
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

NowSecure experts have conducted advanced pen testing for some of the world's most demanding organizations - including banks, insurance companies, government agencies, healthcare organizations, retail conglomerates, high-tech businesses, and more. Mobile apps are prone to sensitive data leakages and attacks, yet a manual test for just one app can take several weeks. To enable faster, more frequent testing, we built a test engine that successfully automates repeatable and time-consuming mobile appsec testing, remediation and reporting tasks. The result - the foundation of the NowSecure platform, which significantly reduces testing time and costs without compromising full depth of security coverage.

NowSecure
 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Vaporstream, FIS, MEA Financial, Silent Circle, Capital One, Citi, EY, EMC, Emerson, Kaiser Permanente, The Home Depot, Humana, Shell, Kellogg's, TD Bank, VMware
Buyer's Guide
Static Application Security Testing (SAST)
April 2025
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: April 2025.
DOWNLOAD NOW
850,760 professionals have used our research since 2012.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.