Checkmarx vs. Findbugs

Checkmarx

20 Reviews and Ratings

Findbugs

1 Reviews and Ratings

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Checkmarx	Score 8.2 out of 10	N/A	Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)	N/A
Findbugs	Score 7.0 out of 10	N/A	FindBugs is an open source program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License, and was developed (and its brand is trademarked by) the University of Maryland.	N/A

Pricing

Checkmarx

Findbugs

Editions & Modules

No answers on this topic

No answers on this topic

Offerings

Pricing Offerings
Checkmarx	Findbugs
Free Trial
No	No
Free/Freemium Version
No	No
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

No setup fee

Additional Details

—

—

More Pricing Information

Community Pulse
	Checkmarx	Findbugs
Top Pros	Pro False positive Pro Data flow Pro Number of languages	No answers on this topic
Top Cons	Minus False positives Minus Additional plugins Minus Hard to integrate	No answers on this topic

Best Alternatives
	Checkmarx	Findbugs
Small Businesses	GitLab Score 8.9 out of 10	PyCharm Score 9.0 out of 10
Medium-sized Companies	GitLab Score 8.9 out of 10	PyCharm Score 9.0 out of 10
Enterprises	GitLab Score 8.9 out of 10	PyCharm Score 9.0 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Checkmarx	Findbugs
Likelihood to Recommend	7.0 (3 ratings)	7.0 (1 ratings)

User Testimonials
	Checkmarx	Findbugs
Likelihood to Recommend	Checkmarx Chechmarx is really suited for finding wide range of security risks. It although identifies false positives which can be confusing at times. It can do better in terms of scan duration. They are better alternate competitors in the market who can do equally good or even better. It all depends on the scope of the problem you want to address Incentivized Verified User Anonymous Read full review	Open Source Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand and it's best suited for the java open source. whether you are a developer or a DevOps engineer you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as visual studio as well. Incentivized Arush Soel Associate Staff Engineer Read full review
Pros	Checkmarx Reporting Language support Fix recommendations Incentivized Verified User Anonymous Read full review	Open Source Scan the code for existing bugs present It can detect an vulnerabilities and also show possible bad warnings Can help identify errors in advance to avoid code crash post deployment Incentivized Arush Soel Associate Staff Engineer Read full review
Cons	Checkmarx Lots of false positives Hard to integrate with CI Incentivized Verified User Anonymous Read full review	Open Source It’s documentation is not always up to date Difficulty in finding a prper solution when an issue arises during its configuration has limited features Incentivized Arush Soel Associate Staff Engineer Read full review
Alternatives Considered	Checkmarx We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make. Incentivized Verified User Anonymous Read full review	Open Source Sonar cloud has its own cloud where all the code vulnerabilities are collected and stored as a whole whereas its a plugin that is used in a code itself but the cons is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service Incentivized Arush Soel Associate Staff Engineer Read full review
Return on Investment	Checkmarx Improved ability to provide high level of IA confidence Improved confidence in application-level security Incentivized Verified User Anonymous Read full review	Open Source Its being used overall by most of the teams Some of the teams migrating to another testing tool as it has limited features Still recommend as its open source and beginners friendly Incentivized Arush Soel Associate Staff Engineer Read full review
ScreenShots