Checkmarx vs. Orca Cloud Security Platform

If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.

Incentivized

It's good for finding issues in SSH, ec2 instances, and so on. But it's not good at finding stuff for Serverless lambdas, for containers and some more.

Incentivized

• Detects security vulnerabilities in source code with accuracy and detail.
• Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
• Provides clear reports and actionable fix recommendations for developers.

Incentivized

• Scanning
• CSPM
• IAM Roles

Incentivized

• Scan duration
• False positives
• Integration with other tools like Jenkins comes with some inconveniences.

Incentivized

• Kubernetes
• Docker containers
• Serverless

Incentivized

Their API based customizations which I leveraged to create an ASPM package, which is developer friendly and can extend above the dashboard features, other ones are UI which is great and feels clutter free. Menu and navigation is also good so as support. Only drawback is sometimes scan takes longer which I feel so can be reduced

Incentivized

Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems

Incentivized

Wiz and aqua are pretty good but Orca has better UI.

Incentivized

• Improved ability to provide high level of IA confidence
• Improved confidence in application-level security

Incentivized

• less need of security team
• easy to use
• it's not costly

Incentivized