Checkmarx

4.7 out of 5.0 (15 ratings)

We have aggregated ratings data on Checkmarx but all of our reviewers have opted out of sharing their qualitative review feedback. In certain cases we allow reviewers to withhold their qualitative review feedback from public view, in order to protect their confidentiality.
  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Automation of SAST offering

    Overall Comment

    Great Partnership and focussed effort to help us automate SAST capabilities at organizational scale

    What one piece of advice would you give other prospective customers?

    Start with big picture and end result in mind.

    What do you like most about the product or service?

    Breadth and coverage across latest technologies and ability to automate and integrate with CD tools

    What do you dislike most about the product?

    False Positives Percentage is high which requires fine tuning

    What one thing do you wish the vendor did differently?

    Competitive Pricing


  • 4 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Implementation was easy, but has some rough edges and needs some additional features

    Overall Comment

    Experienced some deployment and licensing hiccups, upgrade surprises and some interesting desktop software behavior, but overall I feel it's working better than the previous solution we had implemented.

    What one piece of advice would you give other prospective customers?

    Examine entire functional offering from Checkmarx to evaluate both SAST and OSA components together

    What do you like most about the product or service?

    Ability to scan a variety of languages, quickly audit issues, and provide integration with external build systems and ticketing solutions.

    What do you dislike most about the product?

    We've experienced some bad user experiences with their desktop solution and some of the custom query engine scenarios and haven't had a satisfactory resolution or explanation for these difficulties yet.

    What one thing do you wish the vendor did differently?

    Had a more mature Open Source Software solution in place

    If you could start over, what would your organization do differently?

    Possibly identify use cases better before proof of concept and implementation


  • 4 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Great tool to complement and drive static scans of source code for issues

    Overall Comment

    Very good experience with the breadth of issues and explanations about remediation steps.

    What one piece of advice would you give other prospective customers?

    Please train all your developers early on. With attrition being a major issue with distributed development teams, it is a challenge to set up a continuous online training platform/program that helps all developers understand secure software development.

    What do you like most about the product or service?

    Ease of execution, explanation of issues and mitigation/remediation steps.

    What one thing do you wish the vendor did differently?

    Checkmarx were very helpful with the installation and support.

    If you could start over, what would your organization do differently?

    Train developers to address the problems earlier, ensure that code that gets checked in adheres to OWASP Top-10 and other standards for secure software development.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Innovative product and very easy implementation.

    Overall Comment

    We ran a PoC and found that Checkmarx was better than Fortify and IBM App Scan, also better audit experience. Installation was easy and it uses resources more efficiently (DB/disk).

    What one piece of advice would you give other prospective customers?

    Do your homework, run PoC and see if it matches your needs.

    What do you like most about the product or service?

    Very efficient use of resources in case of very large code base, user interface.

    What do you dislike most about the product?

    If scan fails, it cannot resume.

    Service & support - overall comment

    Very Satisfied


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Easy integration and adoption.

    Overall Comment

    Product fulfills requirements, good support, and relationship to the company.

    What do you like most about the product or service?

    An unlimited number of projects, lots of different programming languages supported, speed.

    What do you dislike most about the product?

    GUI usability could be improved

    Service & support - overall comment

    Response time sometimes not very good. Not easy to find a reason if something is not working.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    The implementation was easy. A fun GUI and strong support from developers.

    Overall Comment

    We are very satisfied with the features offered by the tool and the reactivity of Checkmarx.

    What one piece of advice would you give other prospective customers?

    To sensitize the developers with the security of the applications

    What do you like most about the product or service?

    To enrich certain functions (restitution and extraction of the results)

    What one thing do you wish the vendor did differently?

    To optimize the incremental analyses

    If you could start over, what would your organization do differently?

    The same things

    Product capabilities - overall comment

    Product conforms to our present needs

    Service & support - overall comment

    A very good reactivity and support on behalf of Checkmarx.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    The clear leader in this space, even though it requires a Windows environment.

    Overall Comment

    We compared the CxSAST (Checkmarx Static Analysis Suite) against solutions from Fortify and Coverity. We found that CxSAST was better than Fortify and on-par with Coverity in terms of out-of-the-box performance, however the impressive programmability of the CxSAST, much broader programming language support, and their rapid-release process made them the clear winner. Once we purchased, we were happy with the responsiveness of support, speed of fixing issues, and their local support representatives. The product continues to rapidly evolve and impress. The UI has been greatly improved. The plugins allowing integration with third party services are a significant value add. Areas that need improvement: The software only works in a Windows environment and requires an MS SQL database that must be separately purchased, two things that no other product in this space requires and which add cost to deploying the solution over the use of free operating systems and open source databases that are bundled. The installation process when performing non-standard installs is high touch, as it requires manually editing multiple configuration XML files on different hosts. There is also some paranoia: the licensing restrictions are excessive for no apparent reason. E.g. things like the number of company managers are not actually paid for but are restricted on a per-license basis, so they must be accurately scoped in advance and are difficult to change without contacting support and obtaining a new license, even though sales are not made on the basis of how many company managers there are. To download the zip file to obtain updates requires entering a password that must first be requested by support, making this process also high touch.

    What one piece of advice would you give other prospective customers?

    Invest in Checkmarx query language training. This is a significant value-add that will greatly increase the overall usefulness of the solution.

    What do you like most about the product or service?

    The Checkmarx query language, support, excellent performance.

    What do you dislike most about the product?

    High touch upgrades. Each time we upgrade I have to log into each of our 16 servers and edit XML files.

    What one thing do you wish the vendor did differently?

    Have out-of-the box support for SSL between components that does not require manually editing multiple XML files. Stop artificially restricting things like company managers in the license. Have support for a scale-based install with Docker images or VMs that does not require per-server steps.

    If you could start over, what would your organization do differently?

    We would engage more heavily with professional services to help us deploy the solution rather than deploying ourselves and then engaging with professional services to help fix issues.

    Product capabilities - overall comment

    The product has more features than the competition combined. Truly amazing breadth of language support, user management, and plugins.

    Service & support - overall comment

    Support is timely and the support staff are knowledgeable.

    Integration & Deployment - Overall comment

    The requirement of Windows and a third party MS SQL is a real burden and cost, which adds several months to the total deployment timeline. Manually editing config files in order to obtain basic SSL encryption between all system components is completely out of touch with today's threat environment.


  • 4 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Excellent security tool for scripting languages in an agile environment.

    Overall Comment

    Product technology is solid and fits our needs.

    What do you like most about the product or service?

    Support for scripting languages.

    What one thing do you wish the vendor did differently?

    Please release Checkmarx plug-in for RubyMine. Our RoR developers prefer to run the security check within IDE and be more effective and efficient.

    Service & support - overall comment

    Lack of local support in Singapore

    Integration & Deployment - Overall comment

    Please release Checkmarx plug-in for RubyMine. Our RoR developers prefer to run the security check within IDE and be more effective and efficient.


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    Easy to use, code coverage and excellent integration options with third-party tools.

    Overall Comment

    Checkmarx CxSAST is exceptionally easy to use, low cost and used by expert security professionals for Static Code Analysis. The installation was easy and support staff was excellent. The availability of Proof of Concept (POC) helped us gain our confidence with the CxSAST product. We are extremely satisfied with the performance of large scans as well as scan report capabilities.

    What one piece of advice would you give other prospective customers?

    Highly recommend using the POC option to evaluate Checkmarx CxSAST tool.

    What do you like most about the product or service?

    The support staff was great and did not hesitate to extend the POC license when we needed additional time.

    What do you dislike most about the product?

    None. Best SAST tool in the market.

    What one thing do you wish the vendor did differently?

    Perhaps more frequent updates.

    If you could start over, what would your organization do differently?

    We are extremely satisfied with the pre and post sales process.

    Service & support - overall comment

    After looking at multiple vendors,


  • 5 out of 5.0, Reviewed

    Product(s): CxSAST On-Premises

    If you are looking to bake security into a development shop, look no further.

    Overall Comment

    We left the decision on which product would meet our security policies in the engineering / development hands. The results have been way beyond expectations. The product is made by developers for developers and as a security leader, my role is to increase adoption and manage risks. This product has achieved that.

    What one piece of advice would you give other prospective customers?

    Think about what the goal of the technology is. To meet your needs or the business.

    What do you like most about the product or service?

    What I like most is the level of adoption usage and impact within our engineering department the product has made.

    What do you dislike most about the product?

    Nothing.

    What one thing do you wish the vendor did differently?

    nothing.

    If you could start over, what would your organization do differently?

    Set better end of year goals to align to the strong adoption.


Ratings Overview

Evaluation & Contracting

Overall rating of product evaluation and contract negotiation

(14)
4.6

Ability to understand your organization's needs

(15)
4.6

Timely and complete response to product questions

(15)
4.5

Pricing and contract flexibility (pricing and terms)

(14)
4.1

Integration & Deployment

Overall rating of integration and deployment

(15)
4.3

How long did your deployment take?

0 - 3 months (<3)

3 - 6 months (<6)

6 - 9 months (<9)

9 - 12 months (<12)


Availability of quality 3rd-party resources (integrators, service providers, etc.)

(7)
3.9

Ease of integration using standard APIs and tools

(13)
4.1

Quality and availability of end-user training

(12)
4.3

Ease of deployment

(15)
4.3

Service & Support

Overall rating of service and support

(15)
4.3

Did you purchase a support package from the vendor?

Yes

No

I’m unsure


Timeliness of vendor's response

(15)
4.3

Quality of technical support

(15)
4.5

Quality of peer user community

(9)
3.4

Product Capabilities

Overall rating of product capabilities

(15)
4.6

Dynamic AST as a Tool

(6)
4.5

Dynamic AST as a Service

(2)
3.5

Static AST as a Tool

(13)
4.8

Static AST as a Service

(3)
4.7

Interactive AST

(5)
4.2

Mobile AST

(7)
4.1

Enterprise-Class AST

(8)
4.6

Stand-Alone AST

(8)
4.6

WAF/EMM Integration or RASP

(1)
3.0

Additional Context

What was the nature of your involvement?

Vendor/Product Selection

Application Lead

Development/Integration

Rollout and Install

Technical Assessment

Functional Assessment

Vendor Management

Maintenance and Support

User Training

Executive Sponsor

Other...


What other vendors were considered?

Hewlett Packard Enterprise

IBM

Veracode

WhiteHat Security

Contrast Security

Synopsys

The Open Web Application Security Project (OWASP)

Acunetix

CAST Software

Checkmarx

Cigital

Denim Group

NowSecure

Qualys

Rapid7

Other...


Why did you purchase this product?

Improve compliance & risk management

Create internal/operational efficiencies

Improve business process outcomes

Reduce time to market

Cost management

Drive revenue growth

Enhance decision making

Improve business process agility

Drive innovation

Improve customer relations/service

Improve supplier or partner relations

Other...


What were the key factors that drove your decision?

Product functionality and performance

Functional breadth

Overall cost

Breadth of services

Product roadmap and future vision

Strong customer focus

Pre-existing relationships

Strong consulting partnership

Strong services expertise

Other...


In which region(s) did your deployment take place?

North America

Europe, Middle East and Africa

Asia/Pacific