Checkmarx vs Polyspace Code Prover comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
36,060 views|23,954 comparisons
MathWorks Logo
1,776 views|1,181 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and Polyspace Code Prover based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. Polyspace Code Prover Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects.""The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).""The most valuable feature is the application tracking reporting.""The most valuable features are the easy to understand interface, and it 's very user-friendly.""The only thing I like is that Checkmarx does not need to compile.""The user interface is excellent. It's very user friendly.""It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."

More Checkmarx Pros →

"The product detects memory corruptions.""Polyspace Code Prover is a very user-friendly tool.""When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences.""Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect.""The outputs are very reliable."

More Polyspace Code Prover Pros →

Cons
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to.""Checkmarx could be improved with more integration with third-party software.""Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve.""I would like to see the rate of false positives reduced.""It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.""When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped.""The solution sometimes reports a false auditable code or false positive.""The integration could improve by including, for example, DevSecOps."

More Checkmarx Cons →

"The tool has some stability issues.""I'd like the data to be taken from any format.""One of the main disadvantages is the time it takes to initiate the first run.""Using Code Prover on large applications crashes sometimes.""Automation could be a challenge."

More Polyspace Code Prover Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
  • More Checkmarx Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Top Answer:When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts… more »
    Top Answer:There are two main areas of improvement. * False negatives and false positives. * The speed of the validation itself. Another area I see for improvement is scalability, particularly when dealing with… more »
    Ranking
    Views
    36,060
    Comparisons
    23,954
    Reviews
    20
    Average Words per Review
    455
    Rating
    7.7
    Views
    1,776
    Comparisons
    1,181
    Reviews
    5
    Average Words per Review
    656
    Rating
    7.6
    Comparisons
    Learn More
    MathWorks
    Video Not Available
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Polyspace Code Prover is a sound static analysis tool that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. It produces results without requiring program execution, code instrumentation, or test cases. Polyspace Code Prover uses semantic analysis and abstract interpretation based on formal methods to verify software interprocedural, control, and data flow behavior. You can use it on handwritten code, generated code, or a combination of the two. Each operation is color-coded to indicate whether it is free of run-time errors, proven to fail, unreachable, or unproven.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Alenia Aermacchi, CSEE Transport, Delphi Diesel Systems, EADS, Institute for Radiological Protection and Nuclear Safety, Korean Air, KOSTAL, Miracor, NASA Ames Research Center
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm22%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    VISITORS READING REVIEWS
    Manufacturing Company34%
    Computer Software Company15%
    Transportation Company7%
    Retailer5%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise9%
    Large Enterprise76%
    Buyer's Guide
    Checkmarx vs. Polyspace Code Prover
    March 2024
    Find out what your peers are saying about Checkmarx vs. Polyspace Code Prover and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Checkmarx is rated 7.6, while Polyspace Code Prover is rated 7.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork and CodeSonar. See our Checkmarx vs. Polyspace Code Prover report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.