Checkmarx Reviews

8 Ratings
Score 9.6 out of 100

Reviews (1-1 of 1)

Anonymous | TrustRadius Reviewer
August 29, 2016

A catchy review of Checkmarx not full of wordplay

Score 4 out of 10
Vetted Review
Verified User
As part of R&D projects for military contracts, we used Checkmarx to help our engineering team improve information assurance and reduce potential security risks in our software. We specifically used it to scan applications written in PHP. Through the many months of use, we found it often had a very large number of false positives, but the things it did catch were helpful. We refactored several components, libraries and classes and upgraded some of our dependencies to reduce the number of results Checkmarx returned. It never found a truly significant security risk, but we were a team of security experts so I'm rather glad about that. One downside I did see was that it was completely impossible to get set up locally or through a continuous integration system. This was partially because of the way Checkmarx was designed, and partially because the security requirements we held in configuring our development and staging environments made it so. We had to interact with Checkmarx by exporting a zip of our codebase and uploading it, and it was a rather large codebase, so it took a while to scan. Overall, it was a helpful tool, but cumbersome to use.
  • Supports a large number of languages
  • Finds a large variety of potential risks
  • Lots of false positives
  • Hard to integrate with CI
Checkmarx works really well when you actively work with it, rerunning it after changes. It gets confused easily when lots of files get changed, which results in a lot of additional false positives.

About Checkmarx

Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software.

Checkmarx Technical Details

Operating Systems: Unspecified
Mobile Application: No