5 out of 5.0, Reviewed Sep 14, 2016
We are very satisfied with the features offered by the tool and the reactivity of Checkmarx.
To sensitize the developers with the security of the applications
To enrich certain functions (restitution and extraction of the results)
to optimize the incremental analyses
The same things
Product conforms to our present needs
A very good reactivity and support on behalf of Checkmarx.
5 out of 5.0, Reviewed Aug 18, 2016
We left the decision on which product would meet our security policies in the engineering / development hands. The results have been way beyond expectations. The product is made by developers for developers and as a security leader, my role is to increase adoption and manage risks. This product has achieved that.
Think about what the goal of the technology is. To meet your needs or the business.
What I like most is the level of adoption usage and impact within our engineering department the product has made.
Set better end of year goals to align to the strong adoption.
5 out of 5.0, Reviewed Aug 11, 2016
Checkmarx has proven easy to rollout, support and use. The feedback from our developers had been very positive, which has aided our adoption of code scanning as a routine activity.
Consider carefully the licenses and potential use cases for your teams and users.
Usability of the tool.
I'd like to see a concurrent 'floating license' as named user licenses are very difficult to manage in an organization with 1000+ developers from partners/managed service providers.
We might consider improving the application security knowledge of the support team, earlier on.
5 out of 5.0, Reviewed Aug 8, 2016
Checkmarx supports a wide array of programming languages, including some legacy ones in our environment, completely out of the box. It can be easily integrated with build automation tools and bug tracking systems like Jira. The sales people were extremely easy to work with and their support has been outstanding.
Make sure that you do the evaluation alongside, and receive buy-in from, your developer community. It makes the integration process go a lot smoother.
Checkmarx supports a wide range of different programming languages. It works on all of our different technologies with no additional fees.
It runs in a Windows environment.
I'm not a big fan of Windows and wish that it could run in a Linux-based environment instead.
We have seen cases where upgrades of the tool have broken the environment. Therefore, if we were to start over, it would probably be with a development environment to test the changes before pushing to production.
Deployment went out without a hitch. Integration has taken a bit longer. Not because of anything on the Checkmarx side, but because we are working with different groups to make it happen.
4 out of 5.0, Reviewed Aug 4, 2016
Our partnership with Checkmarx is a big success story. We are proud of what we've achieved, and from the level of collaboration. Both companies have shared the same vision and goal in terms of building a state of the art SDLC process. Not only in the technical level, but overall with product, processes and human factor.
Ensure resources are allocated for integration, testing and support
Quickly showing the value after implementation
Support more languages, ability to have built-in bug management (not only via JIRA integration)
1. Processes and human factor are a key part of success 2. The tool requires a professional security person with background in application and coding
The Checkmarx team has worked with our teams in a very professional way to integrate the product and capabilities into the CI and Dev environments
4 out of 5.0, Reviewed Jun 15, 2016
Implemented into scrum development process allowed for secure code review without interruption of critical time to market deliverables. Reduced end state delays and security required rework of code vulnerabilities that significantly allowed generation of vetted validated code for re-use.
ensure that a validated secure code repository is available prior to deployment to encourage reuse.
legacy code would be beneficial.
engage sooner on process changes to integrate properly into the development stream.
5 out of 5.0, Reviewed Mar 4, 2016
The Checkmarx product is clean and robust. The vendor's support has been quick and thorough. Scan performance, integrations and UI could use some improvements, but otherwise I am completely satisfied.
I love the attack vector graph, which shows you where the vulnerability starts, ends and each step in between.
Performance. 700K lines of code takes a few hours to process.
I wish the product was more affordable so that we could provide it to each of our developers.