# Black Duck vs Checkmarx Comparison --- ## AI Generated Summary - **G2 reviewers report** that Checkmarx excels in user-friendliness, with many users finding it easy to navigate and become familiar with its numerous features. One user highlighted the intuitive scanning tools that effectively identify vulnerabilities, making it a strong choice for teams looking for a straightforward solution. - **Users say** that Black Duck is a powerful tool for identifying open source issues, with its extensive knowledge base being a significant advantage. Reviewers appreciate its ability to minimize false positives and provide alerts for newly discovered vulnerabilities, which is crucial for maintaining security in development environments. - **According to verified reviews** , Checkmarx has a slight edge in quality of support, with users praising the responsiveness and helpfulness of the support team. This can be a deciding factor for organizations that prioritize ongoing assistance and partnership in their software tools. - **Reviewers mention** that while Checkmarx offers a robust set of features, some users have found challenges with the implementation process. However, many still describe it as relatively straightforward, indicating that the benefits may outweigh the initial setup hurdles. - **G2 reviewers highlight** that Black Duck's strength lies in its comprehensive analysis capabilities, particularly for security experts who need to track vulnerabilities over time. Users have noted that its ability to analyze potential vulnerabilities is a key feature that supports their DevSecOps practices. - **Users report** that Checkmarx's product direction is viewed positively, with many feeling confident in the company's innovative approach and commitment to enhancing their offerings. This forward-thinking mindset can be appealing for organizations looking for a long-term partner in application security. | | Black Duck | Checkmarx | |---|---|---| | **Star Rating** | 4.0 out of 5 | 4.2 out of 5 | | **Total Reviews** | 28 | 36 | | **Largest Market Segment** | Enterprise (48.1% of reviews) | Enterprise (53.1% of reviews) | | **Entry Level Price** | No pricing available | No pricing available | --- ## Top Pros & Cons ### Black Duck Pros: - Accuracy of Findings (1 reviews) - Open Source (1 reviews) Cons: - Resource Constraints (1 reviews) ### Checkmarx Pros: - Implementation Ease (2 reviews) - User Interface (2 reviews) Cons: - False Positives (1 reviews) - Lacking Features (1 reviews) --- ## Ratings Comparison | Rating | Black Duck | Checkmarx | |---|---|---| | **Meets Requirements** | 7.9 (16 reviews) | 8.6 (27 reviews) | | **Ease of Use** | 7.8 (16 reviews) | 8.2 (27 reviews) | | **Ease of Setup** | 7.8 (10 reviews) | 7.7 (13 reviews) | | **Ease of Admin** | 8.3 (9 reviews) | 7.9 (13 reviews) | | **Quality of Support** | 7.7 (13 reviews) | 8.3 (22 reviews) | | **Has the product been a good partner in doing business?** | 8.3 (11 reviews) | 8.3 (12 reviews) | | **Product Direction (% positive)** | 6.6 (17 reviews) | 7.5 (23 reviews) | --- ## Pricing ### Black Duck #### Entry-Level Pricing No pricing available #### Free Trial Yes ### Checkmarx #### Entry-Level Pricing No pricing available #### Free Trial Yes --- ## Features Comparison By Category ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | 7.8/10 | 6 | #### Administration | Feature | Black Duck | Checkmarx | |---|---|---| | **API / Integrations** | Not enough data | 8.3 (5 reviews) | | **Extensibility** | Not enough data | 8.3 (5 reviews) | #### Analysis | Feature | Black Duck | Checkmarx | |---|---|---| | **Reporting and Analytics** | Not enough data | 8.6 (6 reviews) | | **Issue Tracking** | Not enough data | 8.1 (6 reviews) | | **Static Code Analysis** | Not enough data | 8.3 (6 reviews) | | **Code Analysis** | Not enough data | 8.7 (5 reviews) | #### Testing | Feature | Black Duck | Checkmarx | |---|---|---| | **Command-Line Tools** | Not enough data | 7.7 (5 reviews) | | **Manual Testing** | Not enough data | 7.3 (5 reviews) | | **Test Automation** | Not enough data | Not enough data | | **Compliance Testing** | Not enough data | Not enough data | | **Black-Box Scanning** | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | | **False Positives** | Not enough data | 5.3 (5 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | Black Duck | Checkmarx | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | N/A | N/A | #### Administration | Feature | Black Duck | Checkmarx | |---|---|---| | **API / Integrations** | Not enough data | Not enough data | | **Extensibility** | Not enough data | Not enough data | #### Analysis | Feature | Black Duck | Checkmarx | |---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | | **Issue Tracking** | Not enough data | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | | **Vulnerability Scan** | Not enough data | Not enough data | | **Code Analysis** | Not enough data | Not enough data | #### Testing | Feature | Black Duck | Checkmarx | |---|---|---| | **Manual Testing** | Not enough data | Not enough data | | **Test Automation** | Not enough data | Not enough data | | **Compliance Testing** | Not enough data | Not enough data | | **Black-Box Scanning** | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **Black Duck** | 8.6/10 | 7 | | **Checkmarx** | N/A | N/A | #### Functionality - Software Composition Analysis | Feature | Black Duck | Checkmarx | |---|---|---| | **Language Support** | Not enough data | Not enough data | | **Integration** | 8.0 (5 reviews) | Not enough data | | **Transparency** | 9.3 (5 reviews) | Not enough data | #### Effectiveness - Software Composition Analysis | Feature | Black Duck | Checkmarx | |---|---|---| | **Remediation Suggestions** | 8.3 (5 reviews) | Not enough data | | **Continuous Monitoring** | 8.3 (6 reviews) | Not enough data | | **Thorough Detection** | 9.3 (5 reviews) | Not enough data | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | N/A | N/A | #### Documentation | Feature | Black Duck | Checkmarx | |---|---|---| | **Feedback** | Not enough data | Not enough data | | **Prioritization** | Not enough data | Not enough data | | **Remediation Suggestions** | Not enough data | Not enough data | #### Security | Feature | Black Duck | Checkmarx | |---|---|---| | **False Positives** | Not enough data | Not enough data | | **Custom Compliance** | Not enough data | Not enough data | | **Agility** | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | N/A | N/A | #### Agentic AI - Static Code Analysis | Feature | Black Duck | Checkmarx | |---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | Black Duck | Checkmarx | |---|---|---| | **Remediation** | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | Black Duck | Checkmarx | |---|---|---| | **Stack Integration** | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | ### Interactive Application Security Testing (IAST) | Product | Score | Reviews | |---|---|---| | **Black Duck** | N/A | N/A | | **Checkmarx** | N/A | N/A | #### Agentic AI - Interactive Application Security Testing (IAST) | Feature | Black Duck | Checkmarx | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | --- ## Categories **Shared Categories (1):** [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants) **Unique to Black Duck (1):** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis) **Unique to Checkmarx (5):** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast) --- ## Reviewer Demographics ### By Company Size | Segment | Black Duck | Checkmarx | |---|---|---| | **Small-Business** | 14.8% | 18.8% | | **Mid-Market** | 37.0% | 28.1% | | **Enterprise** | 48.1% | 53.1% | ### By Industry #### Black Duck - **Information Technology and Services:** 29.6% - **Computer Software:** 29.6% - **Computer & Network Security:** 7.4% - **Utilities:** 3.7% - **Telecommunications:** 3.7% - **Printing:** 3.7% - **Financial Services:** 3.7% - **Entertainment:** 3.7% - **Computer Hardware:** 3.7% - **Chemicals:** 3.7% - **Other:** 7.4% #### Checkmarx - **Computer Software:** 15.6% - **Information Technology and Services:** 15.6% - **Banking:** 9.4% - **Computer & Network Security:** 9.4% - **Automotive:** 6.3% - **Investment Banking:** 3.1% - **Internet:** 3.1% - **International Trade and Development:** 3.1% - **Insurance:** 3.1% - **Legal Services:** 3.1% - **Other:** 28.1% --- ## Alternatives ### Alternatives to Black Duck - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2347 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (890 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (790 reviews) - [Semgrep](https://www.g2.com/products/semgrep/reviews) — 4.6/5 stars (55 reviews) - [Replit](https://www.g2.com/products/replit/reviews) — 4.5/5 stars (354 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (309 reviews) ### Alternatives to Checkmarx - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews) - [SonarQube](https://www.g2.com/products/sonarqube/reviews) — 4.4/5 stars (141 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (890 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2347 reviews) - [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews) — 4.1/5 stars (76 reviews) - [Coverity](https://www.g2.com/products/coverity/reviews) — 4.2/5 stars (55 reviews) - [OpenText Core Application Security](https://www.g2.com/products/opentext-core-application-security/reviews) — 4.1/5 stars (34 reviews) - [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) — 4.6/5 stars (69 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (132 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) --- ## Top Discussions ### Black Duck No discussions available for this product. ### Checkmarx - Title: [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) — 2 comments > **Top comment:** "Checkmarx is a static code analysis tool used for SAST (Static application security testing)" - Title: [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) — 1 comment, 1 upvote > **Top comment:** "Checkmarx is an ultimate tool for Static code scan and analysis through code vulnerability testing, SCA and secret detections. They have a prebuilt engine to..." - Title: [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) — 1 comment > **Top comment:** "Checkmarx does support all these testing methodologies -Sast, Dast, IAST, SCA " - Title: [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) — 1 comment > **Top comment:** "You cannot test DAST Testing using Checkmarx" --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/black-duck-vs-checkmarx)