IT Central Station is now PeerSpot: Here's why

What is the biggest difference between Veracode and Checkmarx?


We are evaluating application security solutions. What is the biggest difference between Veracode and Checkmarx? Which would you recommend? 

Thanks! I appreciate the help. 

PeerSpot user
66 Answers

Russell Rothstein - PeerSpot reviewer
Community Manager

JaeLee, check out our comparison page hereof Veracode vs Checkmarx: https://www.itcentralstation.c...

Checkmarx is ranked 4th, while Veracode is ranked 1st with 39 reviews. Checkmarx is rated 8.0, while Veracode is rated 8.2. 

The top reviewer of Checkmarx writes "Works well with Windows servers but no Linux support and takes too long to scan files". 

On the other hand, the top reviewer of Veracode writes "Enables us to automatically submit each new build for scanning and get results directly into our JIRA". 

Checkmarx is most compared with SonarQube, Veracode and Micro Focus Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx and Micro Focus Fortify on Demand.

Laura Paine - PeerSpot reviewer

Veracode has offered a dynamic analysis testing solution for several years, having launched our first offering in 2015. Veracode’s DAST product line offers the ideal solution to find all of the sites on your web perimeter, including the ones that you did not know about, and run a comprehensive DAST scan of the websites you are securing. Veracode Dynamic Analysis scans Single Page Apps and apps built with Angular and React Vue.js frameworks. Veracode Dynamic Analysis provides scanning automation to configure, schedule, and kick-off scans using REST APIs. We offer integrations with Jira and Jenkins to help streamline your processes. While we are new entrants into the IAST market, we’re confident that Veracode Interactive Analysis can meet the needs of the market. Veracode’s IAST product installs in the pipeline with a lightweight, multi-language agent that delivers high-quality results. Veracode Interactive Analysis covers multiple languages to simplify CICD tooling and adds only 3% to pipeline timelines.

Elina Petrovna - PeerSpot reviewer
Real User

In order to run correctly, Veracode needs executables compiled with debug, that is not so different from having source code, but configuration files checking will be excluded from the analysis. The quality of detections of CheckMarx is superior, as well as the number of supported programming languages. Further, the Veracode company's stability was recently mined by a further recent acquisition. Between those products I haven't any doubt to choose Checkmarx

it_user1162671 - PeerSpot reviewer

Veracode is very new in DAST and IAST, Checkmarx is offering that since longer time and is more experienced.

Vincent Hu - PeerSpot reviewer

Checkmarx can be deploy on private , Veracode only support the Saas Model . But in China I think that is better for Appscan which include black box and white box function . Any question can contact SYSTIME CHINA . (

Debbie G - PeerSpot reviewer

Buyer's Guide
Checkmarx vs. Veracode
July 2022
Find out what your peers are saying about Checkmarx vs. Veracode and other solutions. Updated: July 2022.
621,703 professionals have used our research since 2012.