Checkmarx Review: Pros, Cons, Features, and Pricing
Checkmarx One is an application security testing software that provides tools to monitor application source code and cloud dependencies. It's ideal for IT departments in sectors like finance and healthcare, where application security is paramount. Checkmarx delivers comprehensive security analysis to protect your code from vulnerabilities.
Checkmarx addresses security vulnerabilities, helping development and security teams safeguard applications. In this article, I'll cover Checkmarx's features, pros and cons, use cases, pricing, and more, so you can decide if it aligns with your security needs and goals.
Checkmarx Evaluation Summary
- Pricing upon request
- Free demo available
Why Trust Our Software Reviews
Checkmarx Overview
In my opinion, Checkmarx One is a solid choice for teams that require a cloud-native application security (AppSec) testing suite. It excels in vulnerability detection and offers strong integration capabilities. Compared to others, its interface is intuitive, but onboarding might take a bit longer for complex environments. The pricing is competitive, making it suitable for mid-sized to large enterprises. However, smaller teams with limited budgets might find it pricey. If security is your top priority, Checkmarx is worth considering.
pros
-
It provides comprehensive security analysis to protect your code.
-
The user interface is intuitive and easy for your team to navigate.
-
It offers excellent security vulnerability detection for your applications.
cons
-
It may have a steeper learning curve for new users in your team.
-
Customer support response times might not meet your expectations.
-
Onboarding can take longer than expected for complex testing environments.
-
Site24x7
Visit WebsiteThis is an aggregated rating for this tool including ratings from Crozdesk users and ratings from other sites.4.6 -
Docker
Visit WebsiteThis is an aggregated rating for this tool including ratings from Crozdesk users and ratings from other sites.4.6 -
Pulumi
Visit WebsiteThis is an aggregated rating for this tool including ratings from Crozdesk users and ratings from other sites.4.8
Our Review Methodology
How We Test & Score Tools
We’ve spent years building, refining, and improving our software testing and scoring system. The rubric is designed to capture the nuances of software selection and what makes a tool effective, focusing on critical aspects of the decision-making process.
Below, you can see exactly how our testing and scoring works across seven criteria. It allows us to provide an unbiased evaluation of the software based on core functionality, standout features, ease of use, onboarding, customer support, integrations, customer reviews, and value for money.
Core Functionality (25% of final scoring)
The starting point of our evaluation is always the core functionality of the tool. Does it have the basic features and functions that a user would expect to see? Are any of those core features locked to higher-tiered pricing plans? At its core, we expect a tool to stand up against the baseline capabilities of its competitors.
Standout Features (25% of final scoring)
Next, we evaluate uncommon standout features that go above and beyond the core functionality typically found in tools of its kind. A high score reflects specialized or unique features that make the product faster, more efficient, or offer additional value to the user.
We also evaluate how easy it is to integrate with other tools typically found in the tech stack to expand the functionality and utility of the software. Tools offering plentiful native integrations, 3rd party connections, and API access to build custom integrations score best.
Ease of Use (10% of final scoring)
We consider how quick and easy it is to execute the tasks defined in the core functionality using the tool. High scoring software is well designed, intuitive to use, offers mobile apps, provides templates, and makes relatively complex tasks seem simple.
Onboarding (10% of final scoring)
We know how important rapid team adoption is for a new platform, so we evaluate how easy it is to learn and use a tool with minimal training. We evaluate how quickly a team member can get set up and start using the tool with no experience. High scoring solutions indicate little or no support is required.
Customer Support (10% of final scoring)
We review how quick and easy it is to get unstuck and find help by phone, live chat, or knowledge base. Tools and companies that provide real-time support score best, while chatbots score worst.
Customer Reviews (10% of final scoring)
Beyond our own testing and evaluation, we consider the net promoter score from current and past customers. We review their likelihood, given the option, to choose the tool again for the core functionality. A high scoring software reflects a high net promoter score from current or past customers.
Value for Money (10% of final scoring)
Lastly, in consideration of all the other criteria, we review the average price of entry level plans against the core features and consider the value of the other evaluation criteria. Software that delivers more, for less, will score higher.
Core Features
Static Application Security Testing (SAST): Checkmarx SAST scans your codebases and binaries for vulnerabilities before deployment. It helps development and operation (DevOps) teams catch security issues early in the development process.
Software Composition Analysis (SCA): SCA identifies open-source components in your applications and checks for known vulnerabilities. Your team can manage and mitigate risks efficiently.
Interactive Application Security Testing (IAST): IAST tests your apps in real-time, identifying vulnerabilities during runtime. It provides your team with actionable insights for immediate fixes.
Dynamic Application Security Testing (DAST): Run scans to identify runtime vulnerabilities, enhancing application and API security.
Custom Policies: You can tailor security policies to fit your specific needs. This flexibility allows your team to focus on what's most important to your security strategy.
Detailed Reporting: Checkmarx provides comprehensive reports on vulnerabilities and their fixes. Your team gets clear visibility into security issues and solutions.
Ease of Use
Checkmarx has an intuitive interface that makes it easier for your team to navigate compared to more complex solutions. While the setup might take some time, once you're up and running, the features are straightforward to use. The visual workflow builder simplifies process customization, allowing your team to adapt it to your needs quickly. User reviews highlight that the learning curve is manageable. However, there are incidents of false positives, which might complicate remediation efforts.
Integrations
Checkmarx integrates with AWS, Azure, Sonarqube, GitHub, GitLab, Bitbucket, Jenkins, CircleCI, Jira, IntelliJ, and more.
Checkmarx also offers an application programming interface (API) and connects with third-party integration tools.
Checkmarx Specs
- A/B Testing
- API
- Automated Testing
- Browser Compatibility Testing
- Bug Tracking
- Calendar Management
- CI/CD Integration
- Dashboard
- Data Export
- Data Import
- Data Visualization
- Developer Tools
- External Integrations
- History/Version Control
- Manual Testing
- Multi-User
- Notifications
- Performance Testing
- Regression Testing
- Scheduling
- Status Notifications
- Third-Party Plugins/Add-Ons
