TrustRadius
Checkmarx

Overview

What is Checkmarx?

Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security…


Pricing

Pricing information: N/A (unavailable)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is F5 Distributed Cloud Bot Defense?

F5 Distributed Cloud Bot Defense (formerly Shape Defense, acquired January 2020) provides security to protect a website from bots, fake users, and unauthorized transactions, preventing large scale fraud and eroded user experiences. Companies get visibility, detection and mitigation outcomes to…


Product Demos

  • Checkmarx One™ SCS (Supply Chain Security) Demonstration (YouTube)
  • Sponsor Demo - Checkmarx - Supply Chain Assurance in DevOps (YouTube)
  • | Source Code Security Testing Tool | Checkmarx – AppSec Coach Demo Video (YouTube)
  • Sponsor Demo - Checkmarx Application Security Testing (CxAST) Platform Demo (YouTube)
  • | Source Code Security Testing Tool | Checkmarx – Demo of CxSAST Static Code Analysis Solution (YouTube)
  • How to Integrate Checkmarx with AWS CodePipeline (YouTube)


Reviews and Ratings (20)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Valuable Code Scanning and Accurate Results: Many users have found Checkmarx to be a valuable tool for scanning code and providing accurate results. It allows for in-depth analysis by providing the flow of code from source to execution.

User-Friendly Interface and Intuitive Nature: The easy-to-understand interface and user-friendly nature of Checkmarx have been appreciated by reviewers. They find it very intuitive, making reviewing code and scanning for vulnerabilities simple.

Effective Security Threat Identification: Checkmarx has received praise for its ability to scan any application and identify security threats effectively. Users appreciate its reliability in identifying all security vulnerabilities, making their code more secure.

High Number of False Positives: Some users have expressed frustration with Checkmarx reporting a high number of false positives, making it difficult to analyze and control the actual security issues. These users suggest reducing the number of false positives and improving the rules set to minimize this issue.

Complex User Interface: The user interface of Checkmarx is considered complex and not user-friendly by some users. They suggest updating the UI to make it more intuitive and easier to navigate, improving the overall user experience.

Lack of Free Version: Users have mentioned their disappointment in not finding a free version of Checkmarx in the market. Instead, they had to contact sales representatives for an initial comparison, although they found the sales representatives responsive.

Users have provided the following recommendations for Checkmarx:

  • Provide a free edition: Many users would like to see Checkmarx offer a free edition of their software. This would allow potential customers to try out the product before making a purchase, helping them evaluate its capabilities and determine if it meets their specific needs.

  • Lower the price: Some users feel that Checkmarx is comparatively expensive compared to other similar tools on the market. They recommend reducing the price of the software or offering more flexible pricing options, particularly for small businesses or individual developers who may have budget constraints.

  • Improve customer support: Several users have mentioned difficulties in reaching customer support when encountering issues or needing assistance with the software. They suggest enhancing the support system by providing faster response times, more knowledgeable support staff, and additional channels for communication such as live chat or phone support.

To address these recommendations, Checkmarx could consider offering a free edition for trial purposes, adjusting their pricing model to be more competitive, and prioritizing improvements in customer support for a better user experience.

Reviews (1-3 of 3)
February 06, 2023

SAST tool review

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Checkmarx is used in our organization to scan code bases or applications and perform security analysis. The SAST tool of Checkmarx is used for scanning the code and finding the security defects. It addresses the security concerns and eliminates manual security review. The scope includes 75% of the organization's code base.
  • Recommendations to fix the security findings
  • Reports
  • Finds wide range of security risks
  • Time taken for scan
  • False positives
  • Integrations with other systems
Checkmarx is really suited for finding a wide range of security risks. It does, however, identify false positives, which can be confusing at times. It can do better in terms of scan duration. There are better alternative competitors in the market who can do equally well or even better. It all depends on the scope of the problem you want to address.
  • SAST scanning tool
  • Reporting
  • Recommendations to fix security defects
  • Reduced manual effort to analyse and fix the code
  • Can easily summarize findings through reports
Score 6 out of 10
Vetted Review
Verified User
Incentivized
It is used by the information security team in our company. We run various static code analysis tools on our source code and Checkmarx is one of them. What it helps us with is to generate reports that we can share with our Developers as it is comprehensive and easy to understand.
  • Reporting
  • Language support
  • Fix recommendations
  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.
It is well suited in cases where you want to share reports with people that do not have a lot of knowledge in security concepts. It would help as the report has elaborate content explaining the issues and fix recommendations. If you want a SAST tool that gives fewer false positives, there are better options compared to Checkmarx. In cases where you want to do SAST scans regularly and quickly, Checkmarx may hold you back with its high count of false positives and lengthy reports.
  • Static application security testing.
  • Variety of bugs it identifies.
  • Best fix location recommendations.
  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • A high number of false positives takes up time and sometimes makes our report look bad.
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.
Veracode, Rapid7 InsightAppSec, Qualys Web Application Scanning (WAS)
Score 4 out of 10
Vetted Review
Verified User
Incentivized
As part of R&D projects for military contracts, we used Checkmarx to help our engineering team improve information assurance and reduce potential security risks in our software. We specifically used it to scan applications written in PHP. Through the many months of use, we found it often had a very large amount of false positives, but the things it did catch were helpful. We refactored several components, libraries and classes and upgraded some of our dependencies to reduce the number of results Checkmarx returned. It never found a truly significant security risk, but we were a team of security experts, so I'm rather glad about that. Downsides I did see were that it was completely impossible to get set up locally or through a continuous integration system. This was partially because of the way Checkmarx was designed, and partially because the security requirements we held in configuring our development and staging environments made it so. We had to interact with Checkmarx by exporting a zip of our codebase and uploading it, and it was a rather large codebase, so it took a while to scan. Overall, it was a helpful tool, but cumbersome to use.
  • Supports a large number of languages
  • Finds a large variety of potential risks
  • Lots of false positives
  • Hard to integrate with CI
Checkmarx works really well when you actively work with it, rerunning it after changes. It gets confused easily when lots of files get changed, and results in a lot of additional false positives.
  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security