Checkmarx

Company health

  • Employee growth: 3% decrease in the last year
  • Web traffic: 16% decrease in the last quarter
  • Financing: March 2015 - $92M

Ratings

  • G2: 4.2/5 (34)
  • Glassdoor: 3.8/5 (315)

Checkmarx description

Checkmarx offers a comprehensive suite of tools designed to help businesses find and fix security issues within their software. Instead of waiting until software is released, Checkmarx helps identify vulnerabilities during the development process. This includes scanning custom code, open-source components, and cloud infrastructure. Checkmarx promises accurate vulnerability detection and aims to integrate seamlessly into the workflow of developers, minimizing disruptions. The company boasts a large customer base including Fortune 500 companies and emphasizes its AI-powered solutions for greater efficiency and security coverage.


Who is Checkmarx best for

Checkmarx is a comprehensive security suite ideal for large enterprises undergoing digital transformation. It excels at finding database vulnerabilities and offers valuable training features like Codebashing. However, some users find the cost high and report slow scan times and false positives requiring manual review.

  • Best for large enterprises.

  • Suitable for any industry.


Checkmarx features

  • Supported: Checkmarx supports API scanning for vulnerabilities through its API Security module.
  • Supported: Checkmarx supports automated web application security vulnerability scanning through its DAST feature.
  • Supported: Checkmarx offers infrastructure scanning for IaC templates, covering vulnerabilities and misconfigurations.
  • Supported: Checkmarx integrates security checks for container image scanning and IaC template scanning into DevOps pipelines.
  • Supported: Checkmarx supports cross-site scripting testing through its dynamic application security testing feature.
  • Supported: Checkmarx provides access to a database of known vulnerabilities, including CVEs and its own Cx vulnerabilities.
  • Supported: Checkmarx can generate SBOMs which include open-source components and dependencies.

Qualities

We evaluate the sentiment that users express about non-functional aspects of the software.

  • Reliability and Performance: Rather positive (+0.33)

Checkmarx reviews

We've summarised the main points of 34 Checkmarx reviews (Checkmarx G2 reviews) below.

Pros of Checkmarx
  • Comprehensive SAST solution with wide language support.
  • Easy-to-use interface and vulnerability visualization.
  • Effective CI/CD integration.
  • Detailed vulnerability reports with actionable remediation advice.
  • Codebashing feature is valuable for training and education.
  • Excellent at finding database vulnerabilities.
  • Delta-scan feature reduces scan times for frequent scans.
  • Good open-source vulnerability scanning.
  • Helpful online community for support and troubleshooting.
  • Provides multiple report formats.
Cons of Checkmarx
  • High cost of acquiring all modules.
  • High number of false positives.
  • Slow scanning times.
  • Customer support can be slow.
  • Complex Jenkins integration snippet.
  • Verbose reports can be difficult to parse.
  • UI could be more user-friendly, especially the dashboard and issue descriptions.
  • No free version available to try before purchasing.
  • Limited documentation for Apex specifically.
  • False positives require manual review and can be time-consuming to manage.

Checkmarx pricing

The commentary is based on 3 reviews from Checkmarx G2 reviews.

Checkmarx offers comprehensive SAST and SCA solutions, but reviews frequently cite its high cost as a significant drawback. While users appreciate its features and vulnerability detection capabilities, the pricing may be prohibitive for some organizations.

User sentiment: Strongly negative (-1)


Checkmarx alternatives

  • SonarQube: Automated code analysis for cleaner, safer, and more reliable software.
  • HCL AppScan: Finds security flaws in your web apps and APIs.
  • Snyk: Finds and fixes security holes in your code and infrastructure.
  • Bright Security: Finds and fixes website security flaws so you can ship securely.
  • Contrast Security: Finds software vulnerabilities instantly, so developers build secure apps.
  • Aikido Security: Finds and fixes cloud security holes in your code and infrastructure.

Checkmarx FAQ

  • What is Checkmarx and what does Checkmarx do?

    Checkmarx is a software security platform that helps developers identify and remediate vulnerabilities early in the development process. It offers various scanning capabilities, including static, dynamic, and interactive application security testing, covering code, open-source components, and infrastructure. Checkmarx helps ensure secure software development through accurate vulnerability detection and seamless workflow integration.

  • How does Checkmarx integrate with other tools?

    Checkmarx integrates seamlessly with CI/CD pipelines, enabling DevOps security integration. It supports various tools for API scanning, web application scanning, and infrastructure scanning. It also offers integrations for vulnerability databases and SBOM generation.

  • What are the main competitors of Checkmarx?

    Alternatives to Checkmarx include Snyk, Tenable One, HCL AppScan, Microsoft Defender for Cloud, Vanta, and Intruder. These competitors offer similar security analysis and vulnerability management features, catering to various needs and budgets.

  • Is Checkmarx legit?

    Yes, Checkmarx is a legitimate and established application security testing vendor. They offer comprehensive solutions for identifying vulnerabilities in software. However, some users find the cost high and scans slow with false positives.

  • How much does Checkmarx cost?

    Checkmarx doesn't publicly disclose pricing information. Contact their sales team for a custom quote based on your specific product needs and the desired scale of implementation.

  • Is Checkmarx customer service good?

    Checkmarx's customer service receives mixed reviews. While some users appreciate the innovative product and helpful online community, others express frustration with slow response times and the need for more proactive support.


Reviewed by

Michal Kaczor
CEO at Gralio

Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.

Tymon Terlikiewicz
CTO at Gralio

Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.
