We performed a comparison between Checkmarx and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The most valuable feature is the application tracking reporting."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The only thing I like is that Checkmarx does not need to compile."
"The user interface is excellent. It's very user friendly."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The product detects memory corruptions."
"Polyspace Code Prover is a very user-friendly tool."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"The outputs are very reliable."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx could be improved with more integration with third-party software."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"I would like to see the rate of false positives reduced."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The solution sometimes reports a false auditable code or false positive."
"The integration could improve by including, for example, DevSecOps."
"The tool has some stability issues."
"I'd like the data to be taken from any format."
"One of the main disadvantages is the time it takes to initiate the first run."
"Using Code Prover on large applications crashes sometimes."
"Automation could be a challenge."
Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Checkmarx is rated 7.6, while Polyspace Code Prover is rated 7.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork and CodeSonar.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.