Review of Checkmarx: Pros, Cons, and How It Fits into Our Development Process.
January 12, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Checkmarx Static Application Security Testing (CxSAST)
  • Checkmarx Software Composition Analysis (CxSCA)

Overall Satisfaction with Checkmarx

We use Checkmarx to scan our code for security vulnerabilities during development. It helps us find and fix issues early, reducing the risk of security breaches. Our developers and security team mainly use the tool to ensure our applications are safe before release. It addresses the challenge of maintaining secure code in a fast-paced development cycle.

Pros

  • Detects security vulnerabilities in source code with accuracy and detail.
  • Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
  • Provides clear reports and actionable fix recommendations for developers.

Cons

  • Scans can be slow for large codebases, which may disrupt development workflows.
  • The interface can overwhelm new users, making navigation and setup challenging.
  • Reports occasionally flag non-issues, requiring extra time for manual validation.

  • Checkmarx helps us identify security issues early, reducing the risk of costly breaches.
  • It saves time by automating security scans, allowing developers to focus on other tasks.
  • It improves code quality, leading to a more secure product and greater customer trust.

Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it's effective and integrates well into development workflows.

Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it's more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems.

Do you think Checkmarx delivers good value for the price?

Yes

Are you happy with Checkmarx's feature set?

Yes

Did Checkmarx live up to sales and marketing promises?

Yes

Did implementation of Checkmarx go as expected?

No

Would you buy Checkmarx again?

Yes

Checkmarx works best in organizations with secure development practices where code is regularly scanned during development. It's ideal for CI/CD pipelines, ensuring vulnerabilities are caught early. Checkmarx might not be the best for old systems that aren’t updated often, as setting it up can take time. It’s also less useful for teams that mostly use third-party libraries instead of writing their own code.