TrustRadius
Checkmarx
5 Ratings
Score 8.7 out of 10

Checkmarx Reviews

Reviews (1-1 of 1)
August 29, 2016

"A catchy review of Checkmarx not full of wordplay"

Score 4 out of 10
Vetted Review
Verified User
As part of R&D projects for military contracts, we used Checkmarx to help our engineering team improve information assurance and reduce potential security risks in our software. We specifically used it to scan applications written in PHP. Through the many months of use, we found it often had a very large amount of false positives, but the things it did catch were helpful. We refactored several components, libraries and classes and upgraded some of the dependencies to reduce the number of results Checkmarx returned. It never found a truly significant security risk, but we were a team of security experts so I'm rather glad about that. A downside I did see was that it was completely impossible to get set up locally or through a continuous integration system. This was partially because of the way Checkmarx was designed, and partially because the security requirements we held in configuring our development and staging environments made it so. We had to interact with Checkmarx by exporting a zip of our codebase and uploading it, and it was a rather large codebase, so it took a while to scan. Overall, it was a helpful tool, but cumbersome to use.
  • Supports a large number of languages
  • Finds a large variety of potential risks
  • Lots of false positives
  • Hard to integrate with CI
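Checkmarx works really well when you actively work with it, rerunning it after change. It gets confused easily when lots of files get changed, and results in a lot of additional false positives.
  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security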

About Checkmarx

Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software.
Categories:  Application Security

Checkmarx Technical Details

Operating Systems: Unspecified
Mobile Application: No