Checkmarx One

About Checkmarx One
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
*Static Application Security Testing (SAST)
*Software Composition Analysis (SCA)
*API security
*Dynamic Application Security Testing (DAST)
*Container security
*IaC security
*Correlation, prioritization and risk management
*Codebashing secure code training
*AI security
*Tech partnerships extending AppSec into runtime analysis
*Developer tool integrations including: CI/CD tools,
development frameworks, feedback tools, IDEs,
programming languages and SCMs
Checkmarx One helps secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving toolset, Checkmarx One helps consolidate AppSec solutions and make better sense of results.
Images



Not sure about Checkmarx One?
Compare with a popular alternative
Starting Price
Pricing Options
Features
Integrations
Ease of Use
Value for Money
Customer Service
Alternatives
Jira

Veracode

SonarQube

BuildPiper

Reviews
Already have Checkmarx One?
Software buyers need your help! Product reviews help the rest of us make great decisions.

- Industry: Hospital & Health Care
- Company size: 10,000+ Employees
- Used Daily for 2+ years
-
Review Source
Overall rating
- Ease of Use
- Likelihood to recommend 10.0 /10
Gives a full 360 degree view of vulnerabilities in static code
Reviewed on 2023/01/22
My personal overall experience with SAST is positive. I like that I can tweak queries myself and if...
My personal overall experience with SAST is positive. I like that I can tweak queries myself and if there is something I can't do, support is just a phone call/ticket away. They respond to all inquiries very quickly.
Pros
The ability to use CI/CD pipelines so when the build task kicks off, scanning for static code and open source libraries is done at build time.
Cons
The only thing I do not like is we have some languages that the product does not support like ColdFusion and R-Code.
Alternatives Considered
Veracode- Industry: Banking
- Company size: 1,001–5,000 Employees
- Used Daily for 2+ years
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 8.0 /10
Checkmarx a strong and reliable competitor
Reviewed on 2021/11/18
It has been a good experience, the support is fast and reliable. The tool work as expected and you...
It has been a good experience, the support is fast and reliable. The tool work as expected and you can use the api integration to go even further.
Pros
Easy of use, the 0 complexity it adds to configure a new project, it feels to work in a collaborative way even in an on premise environment.
Cons
The implementation requires Windows and SQL, i would prefer that it runs on linux with postgresql.
The reporting could be improved.
- Industry: Financial Services
- Company size: 51–200 Employees
- Used Daily for 6-12 months
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 3.0 /10
Super expensive but also feels outdated
Reviewed on 2022/03/25
Overall I did not enjoy using it.
Overall I did not enjoy using it.
Pros
It certainly covers all the vulnerability rules you would ever need.
Cons
It is SUPER expensive, very slow and the reporting is too messy. It would have been better if it can take a more integrated into the code approach like Sonar.
- Industry: Computer & Network Security
- Company size: 11–50 Employees
- Used Daily for 2+ years
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 10.0 /10
CxSAST - A great static software analyzer
Reviewed on 2021/01/15
Pros
CXSast has several very important advantages. The first is that the code is scanned before it is even compiled, this means that de developers can scan and fix while they are still in the coding process.
Second CXSAST fully integrates in any devops proces. Scanning and reporting will be doen from within the screens developers work in, so no unneccesary switching between screens. (see extention CXflow)
Nex to that the rules (or queries) are open, every one can see them or a organisation can tailor them to their own need. If needed a FP free setup can be created!
V9.3 now enable installation of the engines on Linux, you can dockarize the stuff
Last but not least CXSast can be setup with additions such as CX-SCA (opensource analysis) and CX-IAST (passive IAST scanning)
Cons
The installation can sometimes be difficult. However Checkmarx counters this by offering free installation services for their costumers.

- Industry: Banking
- Company size: 10,000+ Employees
- Used Weekly for 2+ years
-
Review Source
Overall rating
- Ease of Use
- Likelihood to recommend 8.0 /10
Preferred Vulnerability Management Tool
Reviewed on 2022/11/12
Pros
Can be used to analyse application, source code, byte code, and binaries for coding and design conditions.Key elements of the checkmarx dashboard can be split into two sections, namely scan, statistics and scan trends.
Cons
Unavailable or downtime of application causes delay in deploying the code through pipeline which is integrated with Checkmarx.
Checkmarx One FAQs
Below are some frequently asked questions for Checkmarx One.Q. What type of pricing plans does Checkmarx One offer?
Checkmarx One offers the following pricing plans:
- Free Trial: Not Available
Please contact CHECKMARX for pricing details.
Q. Who are the typical users of Checkmarx One?
Checkmarx One has the following typical customers:
1,001–5,000
Q. What languages does Checkmarx One support?
Checkmarx One supports the following languages:
English
Q. Does Checkmarx One support mobile devices?
Checkmarx One supports the following devices:
Q. What other apps does Checkmarx One integrate with?
Checkmarx One integrates with the following applications:
AWS CodePipeline, AZURA, AppVeyor, Bamboo, Bitbucket, GitHub, GitLab, IntelliJ IDEA, ThreadFix, Visual Studio Code, Vulcan Cyber
Q. What level of support does Checkmarx One offer?
Checkmarx One offers the following support options:
Email/Help Desk, FAQs/Forum, Knowledge Base, Phone Support, Chat
Related categories
See all software categories found for Checkmarx One.