TrustRadius: an HG Insights company

Checkmarx

Score8.6 out of 10

22 Reviews and Ratings

Get a Demo

What is Checkmarx?

Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)

Categories & Use Cases

Reviews

What users are saying about Checkmarx.
View all reviews

Checkmarks for improving overall SAST security posture

Incentivized
Abhineet SagarView profile
DevSecOps Engineer II in Engineering at Circles (501-1000 employees employees)

Use Cases and Deployment Scope

Checkmarx was uses as a reactive security sast control in my org, to detect code security scans, secret detection and license scanning. We also used it to assess our overall sast structure by dashboards and metrics such as MTTR etc. There were lot of grey areas where devs needed assistance with the vulnerable piece of code and checkmarx used to provide great insights on that.

Pros

  • Code security scans where issues needs to be tagged as Critical or High and needs to be merged into PR
  • Secrets that are hardcoded in the code or comments of the PR
  • License scanning where devs will be having an idea if they are using right set of open source packages

Cons

  • DAST capability can be the one where it does not support native use case of using OTP based arch
  • API Scanning is something that lacks a bit due to not much customizations
  • Branch wise reports for SAST is not available

Return on Investment

  • One product usually for all the SAST need helped us evaluate our security posture

Usability

Other Software Used

SonarQube Server, Veracode

Review of Checkmarx: Pros, Cons, and How It Fits into Our Development Process.

Incentivized
Verified User
Engineer in Information Technology (1001-5000 employees employees)

Use Cases and Deployment Scope

We use Checkmarx to scan our code for security vulnerabilities during development. It helps us find and fix issues early, reducing the risk of security breaches. Our developers and security team mainly use the tool to ensure our applications are safe before release. It addresses the challenge of maintaining secure code in a fast-paced development cycle.

Pros

  • Detects security vulnerabilities in source code with accuracy and detail.
  • Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
  • Provides clear reports and actionable fix recommendations for developers.

Cons

  • Scans can be slow for large codebases, which may disrupt development workflows.
  • The interface can overwhelm new users, making navigation and setup challenging.
  • Reports occasionally flag non-issues, requiring extra time for manual validation.

Return on Investment

  • Checkmarx helps us identify security issues early, reducing the risk of costly breaches.
  • It saves time by automating security scans, allowing developers to focus on other tasks.
  • It improves code quality, leading to a more secure product and greater customer trust.

Usability

Alternatives Considered

Veracode

Other Software Used

Bugcrowd, Tenable Web App Scanning, Tenable Nessus

SAST tool review

Incentivized
Verified User
Engineer in Information Technology (10,001+ employees employees)

Use Cases and Deployment Scope

Checkmarx is used in our organization to scan code base or applications and perform security analysis. The SAST tool of the Checkmarx is used for scanning the code and finding the security defects. It addresses the security concerns and eliminates manual security review. The scope includes 75% of the organization's code base.

Pros

  • Recommendations to fix the security findings
  • Reports
  • Finds wide range of security risks

Cons

  • Time taken for scan
  • False positives
  • Integrations with other systems

Most Important Features

  • SAST scanning tool
  • Reporting
  • Recommendations to fix security defects

Return on Investment

  • Reduced manual effort to analyse and fix the code
  • Can easily summarize findings through reports

Checkmarx scored good marks

Incentivized
Verified User
Engineer in Research & Development (1001-5000 employees employees)

Pros

  • Reporting
  • Language support
  • Fix recommendations

Cons

  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.

Most Important Features

  • Static application security testing.
  • Variety of bugs it identifies.
  • Best fix location recommendations.

Return on Investment

  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • High number of false positives take up time and sometimes make our report look bad.

Alternatives Considered

Veracode and Rapid7 InsightAppSec

Other Software Used

Veracode, Rapid7 InsightAppSec, Qualys Web Application Scanning (WAS)

A catchy review of Checkmarx not full of wordplay

Incentivized
Verified User
Team Lead in Research & Development (11-50 employees employees)

Pros

  • Supports a large number of languages
  • Finds a large variety of potential risks

Cons

  • Lots of false positives
  • Hard to integrate with CI

Return on Investment

  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security