Checkmarx

Overview

What is Checkmarx?

Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security…

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is GitGuardian Internal Monitoring?

GitGuardian Internal Monitoring helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code…

Product Demos

  • Checkmarx One™ SCS (Supply Chain Security) Demonstration (YouTube)
  • Sponsor Demo - Checkmarx - Supply Chain Assurance in DevOps (YouTube)
  • | Source Code Security Testing Tool | Checkmarx – AppSec Coach Demo Video (YouTube)
  • Sponsor Demo - Checkmarx Application Security Testing (CxAST) Platform Demo (YouTube)
  • | Source Code Security Testing Tool | Checkmarx – Demo of CxSAST Static Code Analysis Solution (YouTube)
  • How to Integrate Checkmarx with AWS CodePipeline (YouTube)

Product Details

What is Checkmarx?

Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)

Checkmarx Technical Details

  • Operating Systems: Unspecified
  • Mobile Application: No

Reviews and Ratings

(20)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Valuable Code Scanning and Accurate Results: Many users have found Checkmarx to be a valuable tool for scanning code and providing accurate results. It allows for in-depth analysis by providing the flow of code from source to execution.

User-Friendly Interface and Intuitive Nature: The easy-to-understand interface and user-friendly nature of Checkmarx have been appreciated by reviewers. They find it very intuitive, making reducing code and scanning for vulnerabilities simple.

Effective Security Threat Identification: Checkmarx has received praise for its ability to scan any application and identify security threats effectively. Users appreciate its reliability in identifying all security vulnerabilities, making their code more secure.

High Number of False Positives: Some users have expressed frustration with Checkmarx reporting a high number of false positives, making it difficult to analyze and control the actual security issues. These users suggest reducing the number of false positives and improving the rules set to minimize this issue.

Complex User Interface: The user interface of Checkmarx is considered complex and not user-friendly by some users. They suggest updating the UI to make it more intuitive and easier to navigate, improving the overall user experience.

Lack of Free Version: Users have mentioned their disappointment in not finding a free version of Checkmarx in the market. Instead, they had to contact sales representatives for an initial comparison, although they found the sales representatives responsive.

Users have provided the following recommendations for Checkmarx:

  • Provide a free edition: Many users would like to see Checkmarx offer a free edition of their software. This would allow potential customers to try out the product before making a purchase, helping them evaluate its capabilities and determine if it meets their specific needs.

  • Lower the price: Some users feel that Checkmarx is expensive compared to other similar tools on the market. They recommend reducing the price of the software or offering more flexible pricing options, particularly for small businesses or individual developers who may have budget constraints.

  • Improve customer support: Several users have mentioned difficulties in reaching customer support when encountering issues or needing assistance with the software. They suggest enhancing the support system by providing faster response times, more knowledgeable support staff, and additional channels for communication such as live chat or phone support.

To address these recommendations, Checkmarx could consider offering a free edition for trial purposes, adjusting their pricing model to be more competitive, and prioritizing improvements in customer support for a better user experience.

Reviews

(1-1 of 1)

A catchy review of Checkmarx not full of wordplay

Rating: 4 out of 10
August 29, 2016
Vetted Review
Verified User
Checkmarx
1 year of experience
As part of R&D projects for military contracts, we used Checkmarx to help our engineering team improve information assurance and reduce potential security risks in our software. We specifically used it to scan applications written in PHP. Through the many months of use, we found it often had a very large amount of false positives, but the things it did catch were helpful. We refactored several components, libraries and classes and upgraded some of the dependencies to reduce the number of results Checkmarx returned. It never found a truly significant security risk, but we were a team of security experts so I'm rather glad about that. Downsides I did see were that it was completely impossible to get set up locally or through a continuous integration system. This was partially because of the way Checkmarx was designed, and partially because the security requirements we held in configuring our development and staging environments made it so. We had to interact with Checkmarx by exporting a zip of our codebase and uploading it, and it was a rather large codebase, so it took a while to scan. Overall, it was a helpful tool, but cumbersome to use.
Pros
  • Supports a large number of languages
  • Finds a large variety of potential risks
Cons
  • Lots of false positives
  • Hard to integrate with CI
Checkmarx works really well when you actively work with it, rerunning it after change. It gets confused easily when lots of files get changed, and results in a lot of additional false positives.
  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security