Bugzilla vs. Checkmarx

Buzilla is easy to use and provides basic functionality to use as a bug tracking tool. If big size attachments are allowed it would have been great. Also with Bugzilla home->Test management area is improved by allowing multiple sections it would be awesome!

Incentivized

If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.

Incentivized

• Open source! No license fee involved, no limit to the number of licenses.
• Easy to install and maintain. Installation is very easy and hardly needs any maintenance efforts, except when migrating from one version to other. Each project can have its own group of users.
• Includes all the core features/fields that are needed to log a software bug/issue.
• Multiple attachments are possible, supports various formats.
• Good for reporting. Filtering mechanism lets you query bugs by various parameters.

Incentivized

• Detects security vulnerabilities in source code with accuracy and detail.
• Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
• Provides clear reports and actionable fix recommendations for developers.

Incentivized

• Cloud Based. I'd like to see bugzilla be cloud based. The company I currently work with made a final decision to change db's for this specific reason. Due to the frequency of travel in this company, they need access to bugzilla from differing national / international locations.
• Larger File Attachments. I believe the limit of a bugzilla content upload is 4 megabytes. For many of our video'd issues, this file size is simply impractical without the additional effort exertion on video compressor applications.

Incentivized

• Scan duration
• False positives
• Integration with other tools like Jenkins comes with some inconveniences.

Incentivized

For future projects I will look at something that is hosted in the cloud that I don't have to manage. I would also like something that has a more modern feel to allow my customers to use it as well as my employees.

Incentivized

This is a pretty straightforward system. You put in the bug details, a ticket is created, the team is notified. The user interface reflects this very simple and straightforward flow. It's certainly much easier than trying to track bugs with using Excel and email.

Their API based customizations which I leveraged to create an ASPM package, which is developer friendly and can extend above the dashboard features, other ones are UI which is great and feels clutter free. Menu and navigation is also good so as support. Only drawback is sometimes scan takes longer which I feel so can be reduced

Incentivized

I used it.

Incentivized

I like this rating.

Incentivized

Since it is open source, it doesn't have customer service. However, the amount of information on forums is vast. If you can wade through it, you'll get what you need

Incentivized

I know it.

Incentivized

Implementation was pretty simple. Particularly because the product cannot be customized so there is not much to do apart from getting it up and running.

We migrated away from the whole suite of Rational tools because of their massive complexity around administration and inflexibility regarding workflows. In addition, the suite was insanely expensive, and users hated the usability of the tools. We evaluated, and liked JIRA, but because the organization was looking for cost savings, we ended up going with Bugzilla and it's FOSS model so as to avoid ongoing costs.

Incentivized

Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems

Incentivized

I used it

Incentivized

• It has made the SDLC process more efficient. Bugs were logged and tracked in emails or in Excel sheets leading to slow communication and at time version issues with multiple files. Being an online tool, Bugzilla solved those issues, improved communication, instant status updates and improved efficiency.
• We have used Bugzilla with a lot of federal goverment agencies (DHS, CMS, SAMHSA, CDC, HHS etc). Project Directors adn Principle Investigators were at times given access to Bugzilla which provided a snapshot of open vs closed issues.
• Some groups would resist using Bugzilla with the email reminders being the main reason. Turning off or reminding them of features where we can 'control' email notification helped a lot.

Incentivized

• Improved ability to provide high level of IA confidence
• Improved confidence in application-level security

Incentivized