
Checkmarx

4.7 out of 5.0 (7 ratings)

  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    The implementation was easy. A fun GUI and strong support from developers.

    Overall Comment

    We are very satisfied with the features offered by the tool and the reactivity of Checkmarx.

    What one piece of advice would you give other prospective customers?

    To sensitize the developers with the security of the applications

    What do you like most about the product or service?

    To enrich certain functions (restitution and extraction of the results)

    What one thing do you wish the vendor did differently?

    to optimize the incremental analyses

    If you could start over, what would your organization do differently?

    The same things

    Product capabilities - overall comment

    Product conforms to our present needs

    Service & support - overall comment

    A very good reactivity and support on behalf of Checkmarx.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    If you are looking to bake security into a development shop, look no further.

    Overall Comment

    We left the decision on which product would meet our security policies in the engineering / development hands. The results have been way beyond expectations. The product is made by developers for developers and as a security leader, my role is to increase adoption and manage risks. This product has achieved that.

    What one piece of advice would you give other prospective customers?

    Think about what the goal of the technology is. To meet your needs or the business.

    What do you like most about the product or service?

    What I like most is the level of adoption usage and impact within our engineering department the product has made.

    What do you dislike most about the product?

    Nothing.

    What one thing do you wish the vendor did differently?

    nothing.

    If you could start over, what would your organization do differently?

    Set better end of year goals to align to the strong adoption.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Simple to rollout, support and use.

    Overall Comment

    Checkmarx has proven easy to rollout, support and use. The feedback from our developers had been very positive, which has aided our adoption of code scanning as a routine activity.

    What one piece of advice would you give other prospective customers?

    Consider carefully the licenses and potential use cases for your teams and users.

    What do you like most about the product or service?

    Usability of the tool.

    What do you dislike most about the product?

    License management.

    What one thing do you wish the vendor did differently?

    I'd like to see a concurrent 'floating license' as named user licenses are very difficult to manage in an organization with 1000+ developers from partners/managed service providers.

    If you could start over, what would your organization do differently?

    We might consider improving the application security knowledge of the support team, earlier on.

    Service & support - overall comment

    N/A


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    More language support by default and easy to get up and running

    Overall Comment

    Checkmarx supports a wide array of programming languages, including some legacy ones in our environment, completely out of the box. It can be easily integrated with build automation tools and bug tracking systems like Jira. The sales people were extremely easy to work with and their support has been outstanding.

    What one piece of advice would you give other prospective customers?

    Make sure that you do the evaluation alongside, and receive buy-in from, your developer community. It makes the integration process go a lot smoother.

    What do you like most about the product or service?

    Checkmarx supports a wide range of different programming languages. It works on all of our different technologies with no additional fees.

    What do you dislike most about the product?

    It runs in a Windows environment.

    What one thing do you wish the vendor did differently?

    I'm not a big fan of Windows and wish that it could run in a Linux-based environment instead.

    If you could start over, what would your organization do differently?

    We have seen cases where upgrades of the tool have broken the environment. Therefore, if we were to start over, it would probably be with a development environment to test the changes before pushing to production.

    Integration & Deployment - Overall comment

    Deployment went out without a hitch. Integration has taken a bit longer. Not because of anything on the Checkmarx side, but because we are working with different groups to make it happen.


  • 4 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Success Story.

    Overall Comment

    Our partnership with Checkmarx is a big success story. We are proud of what we've achieved, and from the level of collaboration. Both companies have shared the same vision and goal in terms of building a state of the art SDLC process. Not only in the technical level, but overall with product, processes and human factor.

    What one piece of advice would you give other prospective customers?

    Ensure resources are allocated for integration, testing and support

    What do you like most about the product or service?

    Quickly showing the value after implementation

    What one thing do you wish the vendor did differently?

    Support more languages, ability to have built-in bug management (not only via JIRA integration)

    If you could start over, what would your organization do differently?

    1. Processes and human factor are a key part of success 2. The tool requires a professional security person with background in application and coding

    Integration & Deployment - Overall comment

    The Checkmarx team has worked with our teams in a very professional way to integrate the product and capabilities into the CI and Dev environments


  • 4 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    End Goal to improve security of internally developed projects.

    Overall Comment

    Implemented into scrum development process allowed for secure code review without interruption of critical time to market deliverables. Reduced end state delays and security required rework of code vulnerabilities that significantly allowed generation of vetted validated code for re-use.

    What one piece of advice would you give other prospective customers?

    ensure that a validated secure code repository is available prior to deployment to encourage reuse.

    What one thing do you wish the vendor did differently?

    legacy code would be beneficial.

    If you could start over, what would your organization do differently?

    engage sooner on process changes to integrate properly into the development stream.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Great product! Looking forward to new features and improvements.

    Overall Comment

    The Checkmarx product is clean and robust. The vendor's support has been quick and thorough. Scan performance, integrations and UI could use some improvements, but otherwise I am completely satisfied.

    What do you like most about the product or service?

    I love the attack vector graph, which shows you where the vulnerability starts, ends and each step in between.

    What do you dislike most about the product?

    Performance. 700K lines of code takes a few hours to process.

    What one thing do you wish the vendor did differently?

    I wish the product was more affordable so that we could provide it to each of our developers.


Ratings Overview


Evaluation & Contracting

Overall rating of product evaluation and contract negotiation (7): 4.7

Ability to understand your organization's needs (7): 4.9

Timely and complete response to product questions (7): 4.7

Pricing and contract flexibility (pricing and terms) (7): 4.1

Integration & Deployment

Overall rating of integration and deployment (7): 4.6

How long did your deployment take?

0 - 3 months (<3)

3 - 6 months (<6)

6 - 9 months (<9)


Availability of quality 3rd-party resources (integrators, service providers, etc.) (3): 4.3

Ease of integration using standard APIs and tools (7): 4.3

Quality and availability of end-user training (6): 4.2

Ease of deployment (7): 4.4

Service & Support

Overall rating of service and support (7): 4.7

Did you purchase a support package from vendor?

Yes


Timeliness of vendor's response (7): 4.6

Quality of technical support (7): 4.7

Quality of peer user community (5): 3.8

Product Capabilities

Overall rating of product capabilities (7): 4.7

Dynamic AST as a Tool (4): 4.3

Dynamic AST as a Service (1): 3.0

Static AST as a Tool (7): 4.9

Static AST as a Service (2): 5.0

Interactive AST (3): 4.0

Mobile AST (1): 3.0

Enterprise-Class AST (4): 5.0

Stand-Alone AST (3): 4.3

WAF/EMM Integration or RASP (1): 3.0

Additional Context

What was the nature of your involvement?

Development/Integration

Rollout and Install

Vendor/Product Selection

Application Lead

Functional Assessment

Technical Assessment

User Training

Maintenance and Support

Vendor Management

Executive Sponsor

Other...


What other vendors were considered? Multiple responses allowed.

Veracode

Hewlett Packard Enterprise

IBM

The Open Web Application Security Project (OWASP)

WhiteHat Security

Acunetix

CAST Software

Checkmarx

Cigital

Contrast Security

Denim Group

Qualys

Rapid7

Other...


Why did you purchase this product?

Create internal/operational efficiencies

Improve compliance & risk management

Reduce time to market

Cost management

Drive revenue growth

Improve business process agility

Improve customer relations/service

Other...


What were the key factors that drove your decision?

Product functionality and performance

Overall cost

Functional breadth

Breadth of services

Strong consulting partnership

Strong customer focus

Strong services expertise

Product roadmap and future vision

Other...


In which region(s) did your deployment take place? Multiple responses allowed.

North America

Europe, Middle East and Africa

Asia/Pacific