Checkmarx Reviews & Product Details

Checkmarx is the leader in agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans trillions of lines of code each year for companies, cutting vulnerability density by more than half. Its autonomous security agents detect and counter AI-driven threats across the SDLC, providing prevention-first protection for legacy, modern, and AI-generated code at enterprise scale.

Seller

Checkmarx

Discussions

Checkmarx Community

Overview by

Idit Blank

Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

Perceived Cost

$$$$$

View More Pricing Information

Top-Rated Alternatives

Veracode Application Security Platform

View All Alternatives

Checkmarx Integrations

(1)

Integration information sourced from real user reviews.

Checkmarx Media

CxSAST's Best Fix Location offers the most efficient place to remediate code to fix as many vulnerabilities as possible with one code change.

Simple, user-friendly reporting for all your analytical needs.

Checkmarx Reviews (36)

G2 reviews are authentic and verified.

Here's how.

Ján J.

SQA Engineer

Enterprise (> 1000 emp.)

12/10/2025

"Great Automation and UI, But Needs Better Kotlin Support"

3.5/5

What do you like best about Checkmarx?

Helps to automate a security review of a codebase. Easy to implement into existing repositories. Nice intuitive user interface and good vulnerability descriptions with a hints where in code and how to fix. Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

Unfortunately Checkmarx reported a huge number of false positives for Kotlin based projects. Probably this language is poorly supported because there were no such issues in more popular languages like Java or Javascript. Review collected by and hosted on G2.com.

Verified User in Retail

Enterprise (> 1000 emp.)

12/16/2024

"Brilliant Code to Cloud Application"

4.5/5

What do you like best about Checkmarx?

Is so user friendly and it is very easy to become familiar with all the numerous features. Although I wasn't around for the implementation, I've found that it is relatively straightforward to integrate further functionality. The Scanning tools (IaC, SAST, SCA, API etc.) are all excellent and provide us with all the staus and visibility that we require. If we ever have issues that can't be resolved the Customer Support team at Checkmarx always are there to help us out. Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

The dahsboards layour and display could be improved. Review collected by and hosted on G2.com.

What problems is Checkmarx solving and how is that benefiting you?

Checkmarx is being used mainly for the scanning and checking of code before it makes the journey to the Cloud (AWS). We are using it to look at all the languages and frameworks that we have in our Tech/Data Stack that are incorporated into our IT Landscape. One of the main benefits is that it allows our developers to identify, detect and remediate vulnerabilities at source. It also allows them to edit queries easily and quickly. Review collected by and hosted on G2.com.

Abhineet S.

DevSecOps Engineer II

Mid-Market (51-1000 emp.)

1/12/2024

"Best in class SAST solution in the market"

5/5

What do you like best about Checkmarx?

I like the SAST-ification thing in overall, it is having all offering varies from source code scans to sca, to license scanning and does a great job finding vulnerabilities. It is easy to use and visually easy to look around for the bugs. Similarly very optimized so that we can integrate with the CI/CD pipelines Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

The cost acquiring in all of the modules is pretty high. Review collected by and hosted on G2.com.

Tharindu M.

Mid-Market (51-1000 emp.)

8/10/2023

"Good Tool with good interfaces and edveloper friendly environment"

4/5

What do you like best about Checkmarx?

UI implementations are really good (Data Flow Matrixes)

suggestions are provided for the most suitable place to fix a set of vulnerabilities.

Most of the integrations are working seamlessly Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

Support service is getting delayed sometimes

Some of the findings tend to be false positives

Scanning time is slow when compared with other tools.

Some of the IDE integrations aren't working as intended. Review collected by and hosted on G2.com.

Verified User in Computer & Network Security

Mid-Market (51-1000 emp.)

11/2/2023

"A good alternative in a fierceful market"

4.5/5

What do you like best about Checkmarx?

Integration with CI/CD is pretty fetatureful. Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

High number of false positives unless you carefully tailor it to each project. Review collected by and hosted on G2.com.

sanjay s.

Security Analyst

Small-Business (50 or fewer emp.)

7/22/2022

"Checkmarx Review"

3.5/5

What do you like best about Checkmarx?

Checkmarx Tool Scans the code pretty well. Gives accurate results in-depth analysis can be done because checkmarx provides Flow of code from source till the values getting executed Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

Checkmarx reports false positives issues a lot. If it's a big application code base it's tough to control the number of false positive issues to analyse.Reporting can also be improved Review collected by and hosted on G2.com.

Pankaj W.

Specialist - Information Security

Enterprise (> 1000 emp.)

4/19/2022

"Best tool for Source code scanning"

5/5

What do you like best about Checkmarx?

The most valuable features are the easy to understand interface, and it 's very user-friendly. Reduce the code using cxsast plugin. It will scan code line by line and find most of vulnerabilities. Very easy to use. Vulnerability report is awesome. Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

UI should update. Reduce the false positive. Please upgrade rules set to avoid the false positive. Review collected by and hosted on G2.com.

Sujeet S.

Technology Lead

Mid-Market (51-1000 emp.)

6/25/2021

"Impressed with the Codebashing platform and AppSec awareness"

4.5/5

What do you like best about Checkmarx?

Checkmarx has an impressive Codebashing feature that has the edge over SonarQube. The application tracking-reporting feature is good too. I like the "delta-scan" feature as it is really good for cases when there are very frequent scans needed (e.g. with every major code commit, we don't want the entire source code scan to happen again). Having used both tools extensively (SonarQube and Checkmarx), I prefer Checkmarx overall. Checkmarx also fares better compared to peers when it comes to finding any vulnerabilities within the database. Since ours is a user-information driven applicaiton, it becomes even more imminent to identify the data-specfic vulnerabilities at the earliest. Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

Dashboarding could be better. The UI to show the current issue and the descriptive/suggestive text for the potential fix could be more "obvious" to the end-users. SonarQube scores over checkmarx in this regard.

Also, dashboarding could provide a little more flexibility towards the creation of new widgets.

One ore thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales rep were pretty quick to respond, though). Review collected by and hosted on G2.com.

Recommendations to others considering Checkmarx:

Check your organization's needs. Checkmarx is comparitively expensive, and there is no free edition to try out first, as far as I know. Review collected by and hosted on G2.com.

What problems is Checkmarx solving and how is that benefiting you?

Static code analysis helps identify AppSec related issues at the earliest. Also, integration with the CICD pipeline ensures quality gating.

Ours is new product development in the earlier stages, and checkmarx is truly helping us by providing the developers and early insight into what could be done "right" from the beginning and instill a culture of finding issues at the earlier stage of development. Review collected by and hosted on G2.com.

Verified User in Higher Education

Enterprise (> 1000 emp.)

2/10/2022

"To find any security vulnerabilities, Checkmarx is an awesome tool."

4.5/5

What do you like best about Checkmarx?

Easy to scan any application to find any security threats Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

Even after marking false positives, the same issue sometimes still appears as a high or critical security issue. Review collected by and hosted on G2.com.

Verified User in Investment Banking

Enterprise (> 1000 emp.)

10/19/2021

"Be a step ahead by identifying vulnerability using checkmarx to"

4/5

What do you like best about Checkmarx?

It identifies all the security vulnerabilities making your code secure than ever before. It also categorises the vulnerability into different categories based on the risk associated. Can be easily integrated with your CI pipeline to have you code scan with every build Review collected by and hosted on G2.com.

What do you dislike about Checkmarx?

We can have a more better and user friendly UI to go through the report. Review collected by and hosted on G2.com.