Checkmarx Reviews & Product Details

Checkmarx Overview

What is Checkmarx?

Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.

Checkmarx Details
Product Description

Identify software security vulnerabilities & fix them

How do you position yourself against your competitors?

Checkmarx offers developer-friendly, auditor-friendly and CISO-friendly application security solutions that are easy to get up-and-running and integrate well with other tools used in your SDLC. By implementing CxSAST throughout your SDLC, security testing can be better planned and simply executed.


Seller Details
Seller: Checkmarx.com LTD
Year Founded: 2006
HQ Location: Paramus, NJ
Twitter: @Checkmarx (6,262 Twitter followers)
LinkedIn® Page: www.linkedin.com (665 employees on LinkedIn®)


Checkmarx Reviews

Showing 25 Checkmarx reviews
Senior software engineer
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

CheckMarx has been used as an application to scan the applications to rectify vulnerability in the code and to check the security lapses. I have been using CheckMarx to check the same in my .NET application and have found CheckMarx to be of great use. I would like to mention a few good things about the same.

1.) It has support for many languages. In my case it can find the lapses in C#, JavaScript, jQuery, TypeScript.

2.) The description is quite clear about the issues, which makes it easier to understand the problem statement behind the security lapse.

3.) The online community present for CheckMarx is quite good, which makes it easier to find the resolution.

Review collected by and hosted on G2.com.

What do you dislike?

Even though CheckMarx is quite helpful to check the security threats in the application code, there are a few things which can be improved by the CheckMarx team to make it more useful and efficient.

1.) There are many false positives which increase a lot of issues which in turn are required to be marked as non exploitable.

2.) Per user cost of CheckMarx subscription is high, which makes it difficult for the small organisation to own it completely.

Recommendations to others considering the product:

Use it to refactor the code of your application and remediate the security lapses.

What problems are you solving with the product? What benefits have you realized?

I have been using CheckMarx in my organisation to find the code related issues in the .NET application. This has helped in a great way to remediate the security lapses and refactor the code to make it more efficient.

UI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

The report generated by this tool is comprehensive and easy to understand.

It has good charts.

What do you dislike?

The report sometimes has false positives and duplication.

What problems are you solving with the product? What benefits have you realized?

Performing security testing using this tool.

Software Security Consultant
Information Technology and Services
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Organic
What do you like best?

Ease of deployment. Number of supported languages and best place to fix function.

What do you dislike?

Too much detail in the report for small security shops.

Recommendations to others considering the product:

Filter the final report by severity and concentrate on the most important issues first.

What problems are you solving with the product? What benefits have you realized?

Fixed code flaws before deployment. Dramatically decreased rework and refactoring.

UF
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
Business partner of the seller or seller's competitor, not included in G2 scores.
What do you like best?

I like the way that the Checkmarx report provides a detailed account of all potential vulnerabilities and then provides examples of how the issue can be fixed. This is very helpful when it comes to trying to resolve all issues.

What do you dislike?

As with anything automated, some issues that are found are just non-issues. We use several different security gating products like Checkmarx and I would say that it is less often incorrect than the others.

Recommendations to others considering the product:

It is a good way to catch potential vulnerabilities in your code. With a large code base and many contributors this can be next to impossible if you rely on manual methods (i.e. code review).

What problems are you solving with the product? What benefits have you realized?

We are making our application more secure and staying in the know about new threats and vulnerabilities.

UB
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Results are pretty good with CheckMarx. This tool is helpful to build secure source code. CheckMarx scan report gives a detailed view of each issue and a flowchart is given for the variables which might cause a security threat. Code scanning is fast.

What do you dislike?

Sometimes reports generated by the CheckMarx scan contain a lot of false positive issues even though the code is designed in a way that ensures security. This decreases the readability of the reports.

Recommendations to others considering the product:

Great tool designed for security scan.

What problems are you solving with the product? What benefits have you realized?

Software application is tested using CheckMarx.

Benefits:

1. Secure code development and best coding practices

2. Possible vulnerabilities and threats identification to assure software quality

Technical and Application Architect - Project Manager
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

Our choice of Checkmarx as a static code audit tool was made after a long reflection. The richness in terms of languages and the customization of the presets were determinants. We were accompanied at first by a very competent editor team. Today, the use of the tool is unavoidable. We use it both as an integrated tool in our IDEs but also when building in our continuous integration platform. It is also available to the security team to audit code delivered by an external service provider.

We also appreciate the possibility of modifying but also creating new rules to eliminate false positives.

The tool is also rich in terms of indicators and charts. It provides a dashboard that makes it easy to track application risk level scores over time and provides management with comprehensive reports. The details of the vulnerabilities detected and the description of the corrections allow the development teams to correct the vulnerabilities but also to learn about the security of the coding.

What do you dislike?

At each audit, the number of false positives is high. But this is a defect specific to SAST tools. Knowledge of the business specificities of the application is necessary to personalize the presets to eliminate false positives.

This tool is a step in the security audit process; it must be completed by DAST and IAST audits.

Recommendations to others considering the product:

We highly recommend this tool. We have already recommended the tool at our group level. The cost-effectiveness ratio is interesting.

What problems are you solving with the product? What benefits have you realized?

We use this tool in a bank-insurance information system. Business requirements are high. Checkmarx has helped us improve the maturity of our IT security in order to gain the confidence of our business.

Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Automation has been much easier with Checkmarx.

What do you dislike?

Even if 1 test fails it shows everything as failed.

What problems are you solving with the product? What benefits have you realized?

Automation is the main purpose of our use.

Senior Java Consultant
Retail
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
Business partner of the seller or seller's competitor, not included in G2 scores.
What do you like best?

It gives suggestions of technical issues correctly.

What do you dislike?

It's a little confusing with existing code bases.

Recommendations to others considering the product:

Better in finding code issues.

What problems are you solving with the product? What benefits have you realized?

Better code quality is obtained using Checkmarx.

Business Technology Analyst
Management Consulting
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

This is an excellent tool to write secure code and follow best practices. I like that it gives a detailed overview of the issue in your static code and also provides ways to solve it. It attributes a risk profile to each issue and this way you can solve the ones with high priority first.

What do you dislike?

The document generated can sometimes be too verbose and you can lose track of what issues to solve. Sometimes even if you have solved all the issues, re-running the report does not ensure a count of zero.

Recommendations to others considering the product:

This works great with Java, you should definitely include this in your technology portfolio.

What problems are you solving with the product? What benefits have you realized?

We use this as a code quality indicator, the tool helps us write efficient and secure code, benefits include fewer bugs due to poor quality code.

Senior Salesforce developer
Computer Software
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

The tool uses your credentials to generate a report and that report is very comprehensive, yet very easy to understand; it makes it very easy to solve potential security issues.

What do you dislike?

The report generated by CheckMarx always contains a lot of false positives or duplicated positives, making it bigger than it should be, although to be fair it would not be easy to develop a tool that analyses code so thoroughly without displaying a fair amount of duplicates.

What problems are you solving with the product? What benefits have you realized?

Performing security reviews of my project's code. It gives the user a comprehensive look into the potential security risks and the explanation of such risks, which is helpful for people like me who are not security experts.

AA
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

We use this tool to scan our code for vulnerabilities. It is a great tool because it can be run against our code base and it lists out the vulnerabilities. This has reduced our time for manual code reviews by quite some time. Also, it helps us set a code quality standard. We have implemented this as part of our software development cycle. The new developers that come on board can look at previous scans and learn our coding standards and follow that as part of our coding policy.

What do you dislike?

There can be many false positives. Since the tool is automated it doesn't understand some of the code logic and why it was written in a certain way.

Recommendations to others considering the product:

Be aware of false positives. Other than that, it's a great tool to scan your code base.

What problems are you solving with the product? What benefits have you realized?

It helps us automate the code review process and catches code vulnerabilities. We have saved time on code reviews by running the code against this tool first.

AM
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
Business partner of the seller or seller's competitor, not included in G2 scores.
What do you like best?

providing the scan report in multiple formats

What do you dislike?

integrating with build tools is not fun

What problems are you solving with the product? What benefits have you realized?

scanning the vulnerabilities in source code

Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

We used the tool to find security flaws in our software. It helped us to find cross side scripting bugs in an easy way.

What do you dislike?

When we integrate with Jenkins the report sent by CheckMarx is not easily readable.

What problems are you solving with the product? What benefits have you realized?

Security

Code Analysis

Cross side scripting

SQL injections

Chief Enterprise Architect
Computer Software
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

Really easy to use and the level of detail you can access is amazing.

What do you dislike?

The Cost, it is not cheap, but not good rarely is.

What problems are you solving with the product? What benefits have you realized?

Static Code Scan for PCI

AM
Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Easy installation and rollout, it performs thorough scans across most, if not all, languages.

What do you dislike?

The work-layout requires a full screen, and like four windows. It's not something you can do passively because it takes the whole screen.

What problems are you solving with the product? What benefits have you realized?

Strengthening security by making the code airtight. And making cleaning the code provides many pluses, in general.

SAP ABAP Developer
Automotive
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Highly recommend Check mark in this current trend.

What do you dislike?

Not having an option to choose personal email.

What problems are you solving with the product? What benefits have you realized?

Analytics

UE
Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

This is a very innovative company. The product is safe.

What do you dislike?

Customer service is not so great. It takes a while for them to return your call.

Recommendations to others considering the product:

Consider it. Nothing to lose. If you do not like it, switch to something else.

What problems are you solving with the product? What benefits have you realized?

It is good for network security.

AF
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

The software is responsive, it is very dynamic and very thorough. If you need a dynamic system look here.

What do you dislike?

Sometimes when you most need a part to save it is sometimes slow.

Recommendations to others considering the product:

Buy it

What problems are you solving with the product? What benefits have you realized?

Integrity, allows us to finish our job right.

CI
Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Reviews APEX code and most security/code scanners do not

What do you dislike?

Results take a few minutes to return, not a huge issue but if you are in a time crunch you never know when they will arrive :)

What problems are you solving with the product? What benefits have you realized?

Providing reassurance to our customers

CI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
Business partner of the seller or seller's competitor, not included in G2 scores.
What do you like best?

Fast code scanning capability and to the point recommendation.

What do you dislike?

Many false positive scenarios are provided in results when scanning is done for Apex code

Recommendations to others considering the product:

Easy to use for code scanning of Force.com

What problems are you solving with the product? What benefits have you realized?

Salesforce code security issues. Ability to find major security issues and recommendation to fix them

UF
Small-Business(50 or fewer emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Recommendations provided are easy to understand and actionable insights

What do you dislike?

too many false positive results while scanning code

Recommendations to others considering the product:

Good tool to use for code scanning for beginners

What problems are you solving with the product? What benefits have you realized?

Code best practices

UF
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Checkmarx has a lot of pros, easy to deploy and integrates well in the SDLC, broad coverage of language support.

What do you dislike?

Very high number of false positives takes longer time to triage.

What problems are you solving with the product? What benefits have you realized?

Securing SDLC.

AR
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Static analysis & Apex Overview of unpackaged code

What do you dislike?

Cost is a big concern and frequent analysis could be better if cost is not a concern.

What problems are you solving with the product? What benefits have you realized?

Threat identification in our custom code.

Security requirements review.

AM
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Application Security testing and the testing UI

What do you dislike?

Still needs the break even analysis for the cases

What problems are you solving with the product? What benefits have you realized?

Application software vulnerabilities and workflow needed

UI
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: G2 Gives Campaign
What do you like best?

I was working on a project for Salesforce and needed to test my code and running CheckMarx against the code helped me get my development done faster and done right.

What do you dislike?

The specific documentation for APEX is a little hard to parse but it helps point out where you need to look.

What problems are you solving with the product? What benefits have you realized?

We needed to test our APEX code and needed to make sure it was as secure as possible.
