Checkmarx scored good marks
May 10, 2021

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Modules Used

  • Checkmarx Static Application Security Testing (CxSAST)

Overall Satisfaction with Checkmarx

It is used by the information security team in our company. We run various static code analysis tools on our source code, and Checkmarx is one of them. What it helps us with is generating reports that we can share with our developers, as they are comprehensive and easy to understand.
  • Reporting
  • Language support
  • Fix recommendations
  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.
  • Static application security testing.
  • Variety of bugs it identifies.
  • Best fix location recommendations.
  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • High number of false positives takes up time and sometimes makes our report look bad.
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.

Do you think Checkmarx delivers good value for the price?

Yes

Are you happy with Checkmarx's feature set?

Yes

Did Checkmarx live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Checkmarx go as expected?

Yes

Would you buy Checkmarx again?

Yes

Veracode, Rapid7 InsightAppSec, Qualys Web Application Scanning (WAS)
It is well suited in cases where you want to share reports with people that do not have a lot of knowledge of security concepts. It would help as the report has elaborate content explaining the issues and fix recommendations. If you want a SAST tool that gives fewer false positives, there are better options compared to Checkmarx. In cases where you want to do SAST scans regularly and quickly, Checkmarx may hold you back with its high count of false positives and lengthy reports.