CheckMarx Alternatives & Competitors

Coverity static analysis by Synopsys helps development and security teams find and fix defects and security flaws in code as it’s being written. Coverity is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code, helping your teams build secure, high-quality software faster.

IBM Security AppScan Standard can help minimize web application attacks and expensive data breaches by automating testing of application security vulnerabilities. It allows you to test applications before deploying them and assess risk in production environments on an ongoing basis.

AttackFlow is a solution helps find security and quality weaknesses in software by analyzing the code.

bugScout is a SAST platform for detecting vulnerabilities in application and website source codes.

Peach Fuzzer is an automated security testing platform that prevents zero-day attacks by findng vulnerabilities in hardware and software systems.

HttpWatch is HTTP Sniffer software.

Cloud-based web application security platform

Qualys WAS is Qualys's platform for end-to-end web application scanning.

Manage, measure and integrate security for the entire software lifecycle.

Sparrow SAST is designed to detect security weaknesses in source code with its semantic based static program analysis engine.

Wallarm is an AI-powered application security solution for the teams launching new modular software services or upgrading their existing web applications to a new stack. Wallarm includes an adaptive Next Gen WAF, attack sandboxing, vulnerability scanner and development time testing modules.

Integrated secure development, security testing and continuous monitoring.

It's stunning. bDefend creates powerful behavior fingerprints and makes new malware signatures for all to use.We defend against viruses that others can't detect.

You know that uploading unknown code leads to unknown consequences. So why risk it? bDetect takes a quick look and identifies what code is Safe, Suspicious, or Malicious.

The latest Minded Security Labs project regards JavaScript Security. We have released a tool called BlueClosure which helps security testers to analyze and discover Client Side security issues.

Provides an end-to-end Application Security platform to bring you objective data so you can make informed decisions regarding the security, risk, cost, activity, quality, maintainability, efficiency and dependencies of your applications.

reshift is a continuous application security testing platform that helps software development teams integrate security earlier in the software development life cycle. We make security easier to integrate than other solutions because of two things: 1. Integrations: We don't want to add more work for the developers and that's why we created an end to end solution that seamlessly works with the modern day development workflow. Simply log into Github, Bitbucket, or Gitlab to upload projects. reshift has a scanner included but works on top of your existing scanners. Finally, we also integrate with JIRA to make fixing bugs actionable. 2. False Positives: reshift is capable of automatically triaging false positives with our machine learning algorithm. With other tools false positives just create noise and make fixing bugs more time consuming and less desirable, with reshift everything is filtered based on the rules you set. The more you confirm, the more accurate the predictions get.

WhiteHat Sentinel Source, a part of the WhiteHat Application Security Platform, is our static application security testing (SAST) product. It is used for scanning source code of the most commonly-used programming languages, identifying vulnerabilities, and providing actionable vulnerability reports, as well as offering Software Composition Analysis and ready-to-implement code fixes for certain vulnerabilities. Scanning of binary files for certain languages is also available.

DefenseCode ThunderScan is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing extensive security audits of application source code. ThunderScan is easy to use, requires almost no user input and can be deployed during or after development. It is an efficient alternative to the demanding and time-consuming procedure of manual code reviews. ThunderScan performs fast and accurate analyses of large and complex source code projects delivering precise results and low false positive rate.

Code Dx Enterprise takes the results of all of your scans, processes them, and gives you a short list with no duplicates. It even points out which vulnerabilities were found by more than one tool, and provides an easy interface to prioritize each one based on severity. This can cut your testing time down, and get your application secured without falling behind schedule.