5 out of 5.0, Reviewed Oct 13, 2016
We ran a PoC and found that Checkmarx was better than Fortify and IBM AppScan, with a better audit experience as well. Installation was easy and it uses resources more efficiently (DB/disk).
Do your homework, run a PoC and see if it matches your needs.
Very efficient use of resources in the case of a very large code base; user interface.
If a scan fails, it cannot resume.
5 out of 5.0, Reviewed Oct 12, 2016
Product fulfills requirements, good support, and relationship to the company.
An unlimited number of projects, lots of different programming languages supported, speed.
GUI usability could be improved.
Response time is sometimes not very good. Not easy to find the reason if something is not working.
5 out of 5.0, Reviewed Sep 14, 2016
We are very satisfied with the features offered by the tool and the reactivity of Checkmarx.
To sensitize the developers to the security of the applications
To enrich certain functions (restitution and extraction of the results)
To optimize the incremental analyses
The same things
Product conforms to our present needs.
Very good reactivity and support on behalf of Checkmarx.
5 out of 5.0, Reviewed Sep 6, 2016
We compared CxSAST (Checkmarx Static Analysis Suite) against solutions from Fortify and Coverity. We found that CxSAST was better than Fortify and on par with Coverity in terms of out-of-the-box performance; however, the impressive programmability of CxSAST, much broader programming language support, and their rapid-release process made them the clear winner. Once we purchased, we were happy with the responsiveness of support, speed of fixing issues, and their local support representatives. The product continues to rapidly evolve and impress. The UI has been greatly improved. The plugins allowing integration with third-party services are a significant value add. Areas that need improvement: The software only works in a Windows environment and requires an MS SQL database that must be separately purchased, two things that no other product in this space requires and which add cost to deploying the solution over the use of free operating systems and bundled open source databases. The installation process when performing non-standard installs is high touch, as it requires manually editing multiple configuration XML files on different hosts. There is also some paranoia: the licensing restrictions are excessive for no apparent reason. E.g. things like the number of company managers are not actually paid for but are restricted on a per-license basis, so they must be accurately scoped in advance and are difficult to change without contacting support and obtaining a new license, even though sales are not made on the basis of how many company managers there are. Downloading the zip file to obtain updates requires entering a password that must first be requested from support, making this process also high touch.
Invest in Checkmarx query language training. This is a significant value-add that will greatly increase the overall usefulness of the solution.
The Checkmarx query language, support, excellent performance.
High-touch upgrades. Each time we upgrade I have to log into each of our 16 servers and edit XML files.
Have out-of-the-box support for SSL between components that does not require manually editing multiple XML files. Stop artificially restricting things like company managers in the license. Have support for a scale-based install with Docker images or VMs that does not require per-server steps.
We would engage more heavily with professional services to help us deploy the solution rather than deploying ourselves and then engaging with professional services to help fix issues.
The product has more features than the competition combined. Truly amazing breadth of language support, user management, and plugins.
Support is timely and the support staff are knowledgeable.
The requirement of Windows and a third-party MS SQL database is a real burden and cost, which adds several months to the total deployment timeline. Manually editing config files in order to obtain basic SSL encryption between all system components is completely out of touch with today's threat environment.
4 out of 5.0, Reviewed Aug 30, 2016
Product technology is solid and fits our needs.
Support for scripting languages.
Please release a Checkmarx plug-in for RubyMine. Our RoR developers prefer to run the security check within the IDE and be more effective and efficient.
Lack of local support in Singapore
Please release a Checkmarx plug-in for RubyMine. Our RoR developers prefer to run the security check within the IDE and be more effective and efficient.
5 out of 5.0, Reviewed Aug 29, 2016
Checkmarx CxSAST is exceptionally easy to use, low cost and used by expert security professionals for Static Code Analysis. The installation was easy and the support staff were excellent. The availability of a Proof of Concept (POC) helped us gain confidence in the CxSAST product. We are extremely satisfied with the performance of large scans as well as the scan report capabilities.
Highly recommend using the POC option to evaluate Checkmarx CxSAST tool.
The support staff were great and did not hesitate to extend the POC license when we needed additional time.
None. Best SAST tool in the market.
Perhaps more frequent updates.
We are extremely satisfied with the pre and post sales process.
After looking at multiple vendors,
5 out of 5.0, Reviewed Aug 18, 2016
We left the decision on which product would meet our security policies in the hands of engineering / development. The results have been way beyond expectations. The product is made by developers for developers, and as a security leader my role is to increase adoption and manage risks. This product has achieved that.
Think about what the goal of the technology is: to meet your needs or the business's.
What I like most is the level of adoption, usage and impact the product has made within our engineering department.
Set better end-of-year goals to align with the strong adoption.
5 out of 5.0, Reviewed Aug 11, 2016
Checkmarx has proven easy to roll out, support and use. The feedback from our developers has been very positive, which has aided our adoption of code scanning as a routine activity.
Consider carefully the licenses and potential use cases for your teams and users.
Usability of the tool.
I'd like to see a concurrent 'floating license' as named user licenses are very difficult to manage in an organization with 1000+ developers from partners/managed service providers.
We might consider improving the application security knowledge of the support team, earlier on.
5 out of 5.0, Reviewed Aug 8, 2016
Checkmarx supports a wide array of programming languages, including some legacy ones in our environment, completely out of the box. It can be easily integrated with build automation tools and bug tracking systems like Jira. The sales people were extremely easy to work with and their support has been outstanding.
Make sure that you do the evaluation alongside, and receive buy-in from, your developer community. It makes the integration process go a lot smoother.
Checkmarx supports a wide range of different programming languages. It works on all of our different technologies with no additional fees.
It runs in a Windows environment.
I'm not a big fan of Windows and wish that it could run in a Linux-based environment instead.
We have seen cases where upgrades of the tool have broken the environment. Therefore, if we were to start over, it would probably be with a development environment to test the changes before pushing to production.
Deployment went without a hitch. Integration has taken a bit longer, not because of anything on the Checkmarx side, but because we are working with different groups to make it happen.
4 out of 5.0, Reviewed Aug 4, 2016
Our partnership with Checkmarx is a big success story. We are proud of what we've achieved and of the level of collaboration. Both companies have shared the same vision and goal in terms of building a state-of-the-art SDLC process, not only at the technical level but overall with product, processes and the human factor.
Ensure resources are allocated for integration, testing and support.
Quickly showing the value after implementation.
Support more languages; ability to have built-in bug management (not only via JIRA integration).
1. Processes and the human factor are a key part of success.
2. The tool requires a professional security person with a background in applications and coding.
The Checkmarx team has worked with our teams in a very professional way to integrate the product and capabilities into the CI and Dev environments.