Checkmarx

Company health

Employee growth: 3% decrease in the last year
Web traffic: 16% decrease in the last quarter
Financing: March 2015 - $92M

Ratings

G2: 4.2/5 (34)
Glassdoor: 3.8/5 (315)

Checkmarx description

Checkmarx offers a comprehensive suite of tools designed to help businesses find and fix security issues within their software. Instead of waiting until software is released, Checkmarx helps identify vulnerabilities during the development process. This includes scanning custom code, open-source components, and cloud infrastructure. Checkmarx promises accurate vulnerability detection and aims to integrate seamlessly into the workflow of developers, minimizing disruptions. The company boasts a large customer base including Fortune 500 companies and emphasizes its AI-powered solutions for greater efficiency and security coverage.


Who is Checkmarx best for

Checkmarx is a comprehensive security suite ideal for large enterprises undergoing digital transformation. It excels at finding database vulnerabilities and offers valuable training features like Codebashing. However, some users find the cost high and report slow scan times and false positives requiring manual review.

  • Best for large enterprises.

  • Suitable for any industry.


Checkmarx features

Supported

Checkmarx supports API scanning for vulnerabilities through its API Security module.

Supported

Checkmarx supports automated web application security vulnerability scanning through its DAST feature.

Supported

Checkmarx offers infrastructure scanning for IaC templates, covering vulnerabilities and misconfigurations.

Supported

Checkmarx integrates security checks for container image scanning and IaC template scanning into DevOps pipelines.

Supported

Checkmarx supports cross-site scripting testing through its dynamic application security testing feature.

Supported

Checkmarx provides access to a database of known vulnerabilities, including CVEs and its own Cx vulnerabilities.

Supported

Checkmarx can generate SBOMs which include open-source components and dependencies.

Qualities

We evaluate the sentiment that users express about non-functional aspects of the software

Reliability and Performance

Rather positive
+0.33

Checkmarx reviews

We've reviewed 34 Checkmarx reviews (Checkmarx G2 reviews) and summarised the main points below.

Pros of Checkmarx
  • Comprehensive SAST solution with wide language support.
  • Easy-to-use interface and vulnerability visualization.
  • Effective CI/CD integration.
  • Detailed vulnerability reports with actionable remediation advice.
  • Codebashing feature is valuable for training and education.
  • Excellent at finding database vulnerabilities.
  • Delta-scan feature reduces scan times for frequent scans.
  • Good open-source vulnerability scanning.
  • Helpful online community for support and troubleshooting.
  • Provides multiple report formats.
Cons of Checkmarx
  • High cost of acquiring all modules.
  • High number of false positives.
  • Slow scanning times.
  • Customer support can be slow.
  • Complex Jenkins integration snippet.
  • Verbose reports can be difficult to parse.
  • UI could be more user-friendly, especially the dashboard and issue descriptions.
  • No free version available to try before purchasing.
  • Limited documentation for Apex specifically.
  • False positives require manual review and can be time-consuming to manage.

Checkmarx pricing

The commentary is based on 3 reviews from Checkmarx G2 reviews.

Checkmarx offers comprehensive SAST and SCA solutions, but reviews frequently cite its high cost as a significant drawback. While users appreciate its features and vulnerability detection capabilities, the pricing may be prohibitive for some organizations.

User sentiment

Strongly negative
-1

See the Checkmarx pricing page.


Checkmarx alternatives

  • Checkmarx vs SonarQube
    Better suited for teams focused on code quality and maintainability. Has broader integrations with platforms like Azure DevOps and GitHub. Growing faster than Checkmarx. A Checkmarx competitor and alternative, SonarQube is generally considered easier to use but slower for large projects.
  • Invicti (formerly Netsparker)
    More focused on web application security. Proof-based scanning ensures fewer false positives. A Checkmarx alternative and competitor.
  • Codiga
    Better for teams focused on code quality and security within their IDE. A Checkmarx alternative, Codiga offers automated code reviews and customizable static analysis rules. Integrates with GitHub, GitLab, and Bitbucket.
  • HCL AppScan
    Grows faster and has better customer support. A Checkmarx competitor and alternative, it offers broader security testing capabilities but can be expensive and complex for new users.
  • Tenable One
    A Checkmarx alternative, Tenable One is better suited for IT and security teams focusing on vulnerability management across diverse environments. It offers a broader focus on infrastructure and network security, consolidating risks into a unified platform. Tenable One has more momentum in website traffic growth.
  • Vanta
    Better for compliance automation and audit preparation. Geared towards smaller businesses and those in heavily regulated industries needing SOC 2, ISO 27001, or HIPAA compliance. Has more momentum currently.

Checkmarx FAQ

  • What is Checkmarx and what does Checkmarx do?

    Checkmarx is a software security platform that helps developers identify and remediate vulnerabilities early in the development process. It offers various scanning capabilities, including static, dynamic, and interactive application security testing, covering code, open-source components, and infrastructure. Checkmarx helps ensure secure software development through accurate vulnerability detection and seamless workflow integration.

  • How does Checkmarx integrate with other tools?

    Checkmarx integrates seamlessly with CI/CD pipelines, enabling DevOps security integration. It supports various tools for API scanning, web application scanning, and infrastructure scanning. It also offers integrations for vulnerability databases and SBOM generation.

  • What are the main competitors of Checkmarx?

    Alternatives to Checkmarx include Snyk, Tenable One, HCL AppScan, Microsoft Defender for Cloud, Vanta, and Intruder. These competitors offer similar security analysis and vulnerability management features, catering to various needs and budgets.

  • Is Checkmarx legit?

    Yes, Checkmarx is a legitimate and established application security testing vendor. They offer comprehensive solutions for identifying vulnerabilities in software. However, some users find the cost high and scans slow with false positives.

  • How much does Checkmarx cost?

    Checkmarx doesn't publicly disclose pricing information. Contact their sales team for a custom quote based on your specific product needs and the desired scale of implementation.

  • Is Checkmarx customer service good?

    Checkmarx's customer service receives mixed reviews. While some users appreciate the innovative product and helpful online community, others express frustration with slow response times and the need for more proactive support.


Reviewed by

Michal Kaczor
CEO at Gralio

Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.

Tymon Terlikiewicz
CTO at Gralio

Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.