Checkmarx vs. Orca Cloud Security Platform

Checkmarx works best in organizations with secure development practices where code is regularly scanned during development. It's ideal for CI/CD pipelines, ensuring vulnerabilities are caught early. Checkmarx might not be the best for old systems that aren’t updated often, as setting it up can take time. It’s also less useful for teams that mostly use third-party libraries instead of writing their own code.

Incentivized

It's good for finding issues in SSH, ec2 instances, and so on. But it's not good at finding stuff for Serverless lambdas, for containers and some more.

Incentivized

• Reporting
• Language support
• Fix recommendations

Incentivized

• Scanning
• CSPM
• IAM Roles

Incentivized

• Lots of false positives
• Hard to integrate with CI

Incentivized

• Kubernetes
• Docker containers
• Serverless

Incentivized

Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.

Incentivized

We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.

Incentivized

Wiz and aqua are pretty good but Orca has better UI.

Incentivized

• Improved ability to provide high level of IA confidence
• Improved confidence in application-level security

Incentivized

• less need of security team
• easy to use
• it's not costly

Incentivized