Checkmarx vs. JFrog Artifactory

Overview
Checkmarx
Rating: Score 8.6 out of 10
Most Used By: N/A
Product Summary: Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
Starting Price: N/A

JFrog Artifactory
Rating: Score 8.3 out of 10
Most Used By: N/A
Product Summary: JFrog Artifactory is a software repository management solution for enterprises available on-premise or from the cloud, presented as a single solution for housing and managing all the artifacts, binaries, packages, files, containers, and components for use throughout the software supply chain. JFrog Artifactory serves as a central hub for DevOps, integrating with tools and processes to improve automation, increase integrity, and incorporate best practices along the way.
Starting Price: $150 per month
Pricing
Editions & Modules
Checkmarx
No answers on this topic
JFrog Artifactory
  • Pro: $150 per month, unlimited users
  • Enterprise X: $950 per month, unlimited users
  • Pro X: $27,000 per year
  • Enterprise X: $48,000 per year
  • Enterprise +: Custom Pricing
  • Enterprise +: Contact Us, per year
Offerings
Pricing Offerings
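  • Free Trial: Checkmarx: No; JFrog Artifactory: No
  • Free/Freemium Version: Checkmarx: No; JFrog Artifactory: Yes
  • Premium Consulting/Integration Services: Checkmarx: No; JFrog Artifactory: No
  • Entry-level Setup Fee: Checkmarx: No setup fee; JFrog Artifactory: No setup fee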
Community Pulse
User Ratings
Likelihood to Recommend
  • Checkmarx: 8.4 (5 ratings)
  • JFrog Artifactory: 8.2 (9 ratings)
Usability
  • Checkmarx: 7.6 (2 ratings)
  • JFrog Artifactory: 7.3 (3 ratings)
Support Rating
  • Checkmarx: - (0 ratings)
  • JFrog Artifactory: 8.9 (2 ratings)
User Testimonials
Likelihood to Recommend
Checkmarx
If you are going with a SAST process or want to improve overall security posture, then go for it, like integrating it with post-deployment steps. If you are more concerned about proactive controls, better choose other options such as pre-commit hooks and CI security. Also choose other tools for DAST and API scans.
JFrog
It works at scale, and with a large number of accessible pipelines, searching, repository updates and indexing will become easier. JFrog provides end-to-end solutions for all DevOps needs. With this, JFrog Artifactory specifically implements the management of highly available repositories, with a smooth interface and integration with all the main CI tools on the market.
Pros
Checkmarx
  • Detects security vulnerabilities in source code with accuracy and detail.
  • Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
  • Provides clear reports and actionable fix recommendations for developers.
JFrog
  • Artifactory Management acting as a repository manager of Docker images, application and component dependencies
  • Automates pipelines, thereby releasing changes faster
  • Supports high availability and scalability with multi-site replication
Cons
Checkmarx
  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.
JFrog
  • We can always use support for more different types of packages in Artifactory.
  • We also would like to see the Artifactory X-Ray product continue to mature.
Usability
Checkmarx
Their API-based customizations, which I leveraged to create an ASPM package, which is developer friendly and can extend above the dashboard features; other ones are the UI, which is great and feels clutter free. Menu and navigation are also good, as is support. The only drawback is that sometimes a scan takes longer, which I feel can be reduced.
JFrog
The main problem that seems intractable is getting the checksum of the artifact. Managing container artifacts is a game changer for us during project execution, as the container artifact type exposes all base image and Dockerfile steps. This makes debugging or analysis easier. JFrog Artifactory provides a promotion feature that can be automated from one environment repo to another environment repo before the deployment occurs.
Support Rating
Checkmarx
No answers on this topic
JFrog
Support tickets take days to respond. The most basic of questions that should be knocked out in a few hours don't get answers for days. Tickets are also closed without resolution.
Alternatives Considered
Checkmarx
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems.
JFrog
JFrog Artifactory has a much more friendly GUI, making package exploration less of a chore to do. Other than that, their features are pretty much comparable to each other. Both support multiple types of packages; both have API that can integrate well with CI/CD pipelines.
Return on Investment
Checkmarx
  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security
JFrog
  • It happens so many times that, at the time of dependency resolution, some of the servers are down (e.g. NPM, Maven Central, PyPI), and in that case our builds start failing. By proxying these repositories with JFrog, this has never happened again.
  • It reduced the additional cost of container image registry and management effort.
  • Support of integration with Build, Monitoring, and CI tools resulted in smooth automation and management.