4.6 out of 5.0 (17 ratings)
17 Verified Reviews

CxSAST On-Premises

Best static appsec scanner for centralized cross-product application security team

CheckMarx perfectly aligns with requirements of centralized cross-product application security team responsible for 100s of products/applications.

1

CxSAST On-Premises

Great SAST Solution, Not Perfect, But Best Available

The product works well and is certainly of benefit, but I find that intricate issues can take a while for support to acknowledge and create fixes for.

CxSAST On-Premises

Automation of SAST offering

Great Partnership and focussed effort to help us automate SAST capabilities at organizational scale

CxSAST On-Premises

Implementation was easy, but has some rough edges and needs some additional features

Experienced some deployment and licensing hiccups, upgrade surprises and some interesting desktop software behavior, but overall I feel it's working better than the previous solution we had implemented.

CxSAST On-Premises

Great tool to complement and drive static scans of source code for issues

Very good experience with the breadth of issues and explanations about remediation steps.

CxSAST On-Premises

Innovative product and very easy implementation.

We run PoC and found that Checkmarx was better than Fortify and IBM App Scan, also better audit experience. Installation was easy and it uses resources more efficiently (DB/disk)

CxSAST On-Premises

Easy integration and adoption.

Product fulfills requirements, good support, and relationship to the company.

CxSAST On-Premises

The implementation was easy. A fun GUI and strong support from developers.

We are very satisfied with the features offered by the tool and the reactivity of Checkmarx.

CxSAST On-Premises

The clear leader in this space, even though it requires a windows environment.

We compared the CxSAST (Checkmarx Static Analysis Suite) against solutions from Fortify and Coverity. We found that CxSAST was better than Fortify and on-par with Coverity in terms of out-of-the-box performance, however the impressive programmability of the CxSAST, much broader programming language support, and their rapid-release process made them the clear winner. Once we purchased, we were happy with the responsiveness of support, speed of fixing issues, and their local support representatives. The product continues to rapidly involve and impress. The UI has been greatly improved. The plugins allowing integration with third party services are a significant value add. Areas that need improvement: The software only works in windows environment and requires an MS SQL database that must be separately purchased, two things that no other product in this space requires and which add cost to deploying the solution over the use of free operating systems and open source databases that are bundled. The installation process when performing non-standard installs is high tough, as it requires manually editing multiple configuration xml files on different hosts. There is also some paranoia: the licensing restrictions are excessive for no apparent reason. E.g. things like the number of company managers are not actually paid for but are restricted on a per-license basis, so they must be accurately scoped in advance and are difficult to change without going contacting support and obtaining a new license, even though sales are not made on the basis of how many company managers there are. To download the zip file to obtain updates requires entering a password that must first be requested by support, making this process also high touch.

CxSAST On-Premises

Excellent security tool for scripting languages in an agile environment.

Product technology is solid and fits our needs.