Checkmarx scored good marks
May 10, 2021
Score 6 out of 10
Vetted Review
Verified User
Modules Used
- Checkmarx Static Application Security Testing (CxSAST)
Overall Satisfaction with Checkmarx
It is used by the information security team in our company. We run various static code analysis tools on our source code, and Checkmarx is one of them. What it helps us with is generating reports that we can share with our developers, as it is comprehensive and easy to understand.
- Reporting
- Language support
- Fix recommendations
- Scan duration
- False positives
- Integration with other tools like Jenkins comes with some inconveniences.
- Static application security testing.
- Variety of bugs it identifies.
- Best fix location recommendations.
- Great diversity of vulnerabilities covered.
- Quicker scans
- They are feature rich compared to other tools I used in the past.
- Dashboards are not customizable enough.
- High number of false positives take up time and sometimes make our report look bad.
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.
Do you think Checkmarx delivers good value for the price?
Yes
Are you happy with Checkmarx's feature set?
Yes
Did Checkmarx live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Checkmarx go as expected?
Yes
Would you buy Checkmarx again?
Yes