# Checkmarx Reviews **Vendor:** Checkmarx **Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast) **Average Rating:** 4.2/5.0 **Total Reviews:** 40 ## About Checkmarx Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats. The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its innovative architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety. Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks. Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace. Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively. Lastly, Checkmarx One incorporates advanced analysis engines such as AI SAST and DAST for AI, which enhance security measures across various environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while the DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats. ## Checkmarx Pros & Cons **What users like:** - Users appreciate the **ease of implementation** of Checkmarx, finding it straightforward to integrate into existing codebases. (2 reviews) - Users appreciate the **intuitive user interface** of Checkmarx, making security reviews and features easy to navigate. (2 reviews) - Users value the **accuracy of results** from Checkmarx, enhancing security reviews with intuitive insights and guidance. (1 reviews) - Users appreciate the **ease of automation for security reviews** with Checkmarx, enhancing their codebase management efficiently. (1 reviews) - Users appreciate the **responsive customer support** of Checkmarx, ensuring assistance whenever difficult issues arise. (1 reviews) - Dashboard Usability (1 reviews) - Deployment (1 reviews) - Users find Checkmarx to be **very easy to use** , quickly familiarizing themselves with its numerous features and functionalities. (1 reviews) - Users find **easy integrations** with Checkmarx enhance functionality, making it simple to utilize its many features. (1 reviews) - Easy Setup (1 reviews) **What users dislike:** - Users experience a high number of **false positives** in Checkmarx, especially with Kotlin projects compared to more common languages. (1 reviews) - Users experience **lacking features** in Checkmarx, particularly with poor support for Kotlin leading to numerous false positives. (1 reviews) - Users experience **missing features** in Checkmarx, as it struggles with false positives in Kotlin projects compared to others. (1 reviews) - Users feel that the **poor navigation** of Checkmarx hinders usability and complicates their experience with the tool. (1 reviews) ## Checkmarx Reviews ### 1. Powerful for Security, But Needs UI Improvements **Rating:** 4.0/5.0 stars **Reviewed by:** Amshu P. | Discord Testers, Small-Business (50 or fewer emp.) **Reviewed Date:** May 27, 2026 **What do you like best about Checkmarx?** I like Checkmarx for its security testing at the application level. It's practical even though it wasn't really easy to use at first. I appreciate its security capabilities, easy navigation, and the reporting which works pretty well. **What do you dislike about Checkmarx?** It was really tough for me to use initially, felt kinda confusing but got used to it as I started working with it. UI could be better. Scans take a lot of time and I used to get false positives, which required so much energy ugh. I stopped using it because the cost was too high for my boss and he stopped paying for it. Tough, it took like, days for the team to properly set it up. **What problems is Checkmarx solving and how is that benefiting you?** Checkmarx helps with scanning code and addressing security issues, offering good security testing capabilities with easy navigation and solid reporting for our team. ### 2. Essential for Secure Development, Accurate and Efficient **Rating:** 4.0/5.0 stars **Reviewed by:** Tadele L. | Senior IS Audit Officer , Enterprise (> 1000 emp.) **Reviewed Date:** May 26, 2026 **What do you like best about Checkmarx?** I like Checkmarx for its accurate vulnerability detection, easy CI/CD integration, and detailed remediation guidance that helps developers fix security issues quickly. **What do you dislike about Checkmarx?** Checkmarx could improve scan performance for large projects, reduce false positives, and provide a more user-friendly interface for easier navigation and reporting. **What problems is Checkmarx solving and how is that benefiting you?** Checkmarx helps us identify and fix application security vulnerabilities early in the development lifecycle, improve secure coding practices, and automate security testing within CI/CD pipelines. ### 3. Seamless Developer Workflow Integration for Real-Time Vulnerability Fixes **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Program Development | Small-Business (50 or fewer emp.) **Reviewed Date:** May 30, 2026 **What do you like best about Checkmarx?** Checkmarx integrates directly into the developer workflow. By providing plugins for popular IDEs, CI/CD pipelines, and source code management (SCM) platforms, it allows developers to catch and fix vulnerabilities in real time without context-switching **What do you dislike about Checkmarx?** Running the application can strain local servers, and I note that the system requires substantial RAM and processing power to perform efficiently. **What problems is Checkmarx solving and how is that benefiting you?** Checkmarx solves the critical problem of vulnerabilities slipping into production code, which directly benefits me by reducing security risks and saving development time. ### 4. Great Automation and UI, But Needs Better Kotlin Support **Rating:** 3.5/5.0 stars **Reviewed by:** Ján J. | SQA Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** December 10, 2025 **What do you like best about Checkmarx?** Helps to automate a security review of a codebase. Easy to implement into existing repositories. Nice intuitive user interface and good vulnerability descriptions with a hints where in code and how to fix. **What do you dislike about Checkmarx?** Unfortunately Checkmarx reported a huge number of false positives for Kotlin based projects. Probably this language is poorly supported because there were no such issues in more popular languages like Java or Javascript. **What problems is Checkmarx solving and how is that benefiting you?** Helps to catch a new security vulnerabilities at each code commit and forces developers to fix them before pushing to production code. ### 5. Proactive Security and Smooth Cross-Team Collaboration **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.) **Reviewed Date:** May 30, 2026 **What do you like best about Checkmarx?** Its proactive approach to security.. I like how it enables you to collaborate with other teams. **What do you dislike about Checkmarx?** the only concern I had initially was the complexity the platform has a steep learning curve. and the Cost **What problems is Checkmarx solving and how is that benefiting you?** Protects customers data, and lowered remediation cost. ### 6. Brilliant Code to Cloud Application **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Retail | Enterprise (> 1000 emp.) **Reviewed Date:** December 16, 2024 **What do you like best about Checkmarx?** Is so user friendly and it is very easy to become familiar with all the numerous features. Although I wasn't around for the implementation, I've found that it is relatively straightforward to integrate further functionality. The Scanning tools (IaC, SAST, SCA, API etc.) are all excellent and provide us with all the staus and visibility that we require. If we ever have issues that can't be resolved the Customer Support team at Checkmarx always are there to help us out. **What do you dislike about Checkmarx?** The dahsboards layour and display could be improved. **What problems is Checkmarx solving and how is that benefiting you?** Checkmarx is being used mainly for the scanning and checking of code before it makes the journey to the Cloud (AWS). We are using it to look at all the languages and frameworks that we have in our Tech/Data Stack that are incorporated into our IT Landscape. One of the main benefits is that it allows our developers to identify, detect and remediate vulnerabilities at source. It also allows them to edit queries easily and quickly. ### 7. Best in class SAST solution in the market **Rating:** 5.0/5.0 stars **Reviewed by:** Abhineet S. | DevSecOps Engineer II, Mid-Market (51-1000 emp.) **Reviewed Date:** January 12, 2024 **What do you like best about Checkmarx?** I like the SAST-ification thing in overall, it is having all offering varies from source code scans to sca, to license scanning and does a great job finding vulnerabilities. It is easy to use and visually easy to look around for the bugs. Similarly very optimized so that we can integrate with the CI/CD pipelines **What do you dislike about Checkmarx?** The cost acquiring in all of the modules is pretty high. **What problems is Checkmarx solving and how is that benefiting you?** Solving major bugs right from the code by applying shift left approach in an easier way. ### 8. Good Tool with good interfaces and edveloper friendly environment **Rating:** 4.0/5.0 stars **Reviewed by:** Tharindu M. | Mid-Market (51-1000 emp.) **Reviewed Date:** August 10, 2023 **What do you like best about Checkmarx?** UI implementations are really good (Data Flow Matrixes) suggestions are provided for the most suitable place to fix a set of vulnerabilities. Most of the integrations are working seamlessly **What do you dislike about Checkmarx?** Support service is getting delayed sometimes Some of the findings tend to be false positives Scanning time is slow when compared with other tools. Some of the IDE integrations aren't working as intended. **What problems is Checkmarx solving and how is that benefiting you?** Checkmarks provided a lot of visibility to our development cycles. It has the capability to scan the entire GitHub or scan a specific branch. Using the Checkmarks tool we were able to stop major vulnerabilities appears in production. ### 9. A good alternative in a fierceful market **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** November 02, 2023 **What do you like best about Checkmarx?** Integration with CI/CD is pretty fetatureful. **What do you dislike about Checkmarx?** High number of false positives unless you carefully tailor it to each project. **What problems is Checkmarx solving and how is that benefiting you?** Automatic CI/CD SAST testing before each new feature or release. ### 10. Checkmarx Review **Rating:** 3.5/5.0 stars **Reviewed by:** sanjay s. | Security Analyst, Small-Business (50 or fewer emp.) **Reviewed Date:** July 22, 2022 **What do you like best about Checkmarx?** Checkmarx Tool Scans the code pretty well. Gives accurate results in-depth analysis can be done because checkmarx provides Flow of code from source till the values getting executed **What do you dislike about Checkmarx?** Checkmarx reports false positives issues a lot. If it's a big application code base it's tough to control the number of false positive issues to analyse.Reporting can also be improved **What problems is Checkmarx solving and how is that benefiting you?** Checkmarx tool has Library scanning as well. It gives accurate results in reporting Vulnerable libraries. Accuracy has been spot on when it comes to reporting Library issues ### 11. Best tool for Source code scanning **Rating:** 5.0/5.0 stars **Reviewed by:** Pankaj W. | Specialist - Information Security, Enterprise (> 1000 emp.) **Reviewed Date:** April 19, 2022 **What do you like best about Checkmarx?** The most valuable features are the easy to understand interface, and it 's very user-friendly. Reduce the code using cxsast plugin. It will scan code line by line and find most of vulnerabilities. Very easy to use. Vulnerability report is awesome. **What do you dislike about Checkmarx?** UI should update. Reduce the false positive. Please upgrade rules set to avoid the false positive. **What problems is Checkmarx solving and how is that benefiting you?** It will find the vulnerabilities like SQL injection, cross site scripting, command injection, Xxe etc vulnerabilities. Scan speed is very good. We can review the issue easily. ### 12. Impressed with the Codebashing platform and AppSec awareness **Rating:** 4.5/5.0 stars **Reviewed by:** Sujeet S. | Technology Lead, Mid-Market (51-1000 emp.) **Reviewed Date:** June 25, 2021 **What do you like best about Checkmarx?** Checkmarx has an impressive Codebashing feature that has the edge over SonarQube. The application tracking-reporting feature is good too. I like the "delta-scan" feature as it is really good for cases when there are very frequent scans needed (e.g. with every major code commit, we don't want the entire source code scan to happen again). Having used both tools extensively (SonarQube and Checkmarx), I prefer Checkmarx overall. Checkmarx also fares better compared to peers when it comes to finding any vulnerabilities within the database. Since ours is a user-information driven applicaiton, it becomes even more imminent to identify the data-specfic vulnerabilities at the earliest. **What do you dislike about Checkmarx?** Dashboarding could be better. The UI to show the current issue and the descriptive/suggestive text for the potential fix could be more "obvious" to the end-users. SonarQube scores over checkmarx in this regard. Also, dashboarding could provide a little more flexibility towards the creation of new widgets. One ore thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales rep were pretty quick to respond, though). **Recommendations to others considering Checkmarx:** Check your organization's needs. Checkmarx is comparitively expensive, and there is no free edition to try out first, as far as I know. **What problems is Checkmarx solving and how is that benefiting you?** Static code analysis helps identify AppSec related issues at the earliest. Also, integration with the CICD pipeline ensures quality gating. Ours is new product development in the earlier stages, and checkmarx is truly helping us by providing the developers and early insight into what could be done "right" from the beginning and instill a culture of finding issues at the earlier stage of development. ### 13. To find any security vulnerabilities, Checkmarx is an awesome tool. **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Higher Education | Enterprise (> 1000 emp.) **Reviewed Date:** February 10, 2022 **What do you like best about Checkmarx?** Easy to scan any application to find any security threats **What do you dislike about Checkmarx?** Even after marking false positives, the same issue sometimes still appears as a high or critical security issue. **What problems is Checkmarx solving and how is that benefiting you?** Security vulnerabilities scan for application. Yes, it helps to stay updated with Jars, helping to avoid being hacked. ### 14. Be a step ahead by identifying vulnerability using checkmarx to **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Investment Banking | Enterprise (> 1000 emp.) **Reviewed Date:** October 19, 2021 **What do you like best about Checkmarx?** It identifies all the security vulnerabilities making your code secure than ever before. It also categorises the vulnerability into different categories based on the risk associated. Can be easily integrated with your CI pipeline to have you code scan with every build **What do you dislike about Checkmarx?** We can have a more better and user friendly UI to go through the report. **What problems is Checkmarx solving and how is that benefiting you?** Identifying the vulnerability before the code goes into production so that all the risks can be mitigated and we don't have to worry about it once code gets live ### 15. Checkmarx : Enable SAST for CI/CD Effortlessly **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.) **Reviewed Date:** September 23, 2021 **What do you like best about Checkmarx?** The best features of Checkmarx are: 1) Open Source vulnerability scanner 2) Integration with multiple Ci/CD orchestration tools 3) Real-time reporting of static code vulnerabilities **What do you dislike about Checkmarx?** I feel the Jenkins code snippet of Checkmarx is a bit complex, and it could be a lot simpler. **What problems is Checkmarx solving and how is that benefiting you?** We have enabled SAST in our CI/CD pipelines using Checkmarx. It saves a lot of time as the integration of Checkmarx with our CI/CD orchestration tool achieves maximum automation and reduces the time significantly. ### 16. An efficient application to check vulnerability in the software **Rating:** 3.5/5.0 stars **Reviewed by:** himanshu g. | Senior software engineer, Mid-Market (51-1000 emp.) **Reviewed Date:** August 25, 2019 **What do you like best about Checkmarx?** CheckMarx has been used an application to scan the applications to rectify vulnerability in the code and to check the security lapses. I have been using checkMarx to check the same in my .NET application and have found checkMarx to be great use. I would like to mention few good things about the same . 1.) It has support to many languages . In my case it can find the lapses in C#, Java script, J query , Typescript . 2.) The description is quite clear about the issues which makes it easier to understand the problem statement behind the security lapse. 3.) The online community present for CheckMarx is quite good which makes it easier to find the resolution **What do you dislike about Checkmarx?** Even though CheckMarx is quite helpful to check the security threats in the application code there are few things which can be improved by the CheckMarx team to make it more useful and efficient . 1.) There are many false positives which increase a lot of issues which in turn are required to marked as non exploitable 2.) Per user cost of CheckMarx subscription is high which makes it difficult for the small organisation to own it completely. **Recommendations to others considering Checkmarx:** Use it to refactor the code of your application and re mediate the security lapses **What problems is Checkmarx solving and how is that benefiting you?** I have been using CheckMarx in my organisation to find the code related issues in the .NET application. This has helped in a great way to re mediate the security lapses and refactor the code to make it more efficient. ### 17. Good and very useful sast tool **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** June 27, 2019 **What do you like best about Checkmarx?** The report generated by this tool is comprehensive and easy to understand It has good charts **What do you dislike about Checkmarx?** The report some times have false positives and duplication **What problems is Checkmarx solving and how is that benefiting you?** Performing security testing using this tool ### 18. The lightest and most complete static analysis tool with best place to fix **Rating:** 5.0/5.0 stars **Reviewed by:** Roman P. | Software Security Consultant, Information Technology and Services, Enterprise (> 1000 emp.) **Reviewed Date:** January 29, 2019 **What do you like best about Checkmarx?** ease of deployment. Number of supported languages and best place to fix function. **What do you dislike about Checkmarx?** Too much detail in the report for small security shops. **Recommendations to others considering Checkmarx:** Filter the final report by severity and concentrate on the most important issues first. **What problems is Checkmarx solving and how is that benefiting you?** Fixed code flaws before deployment. Dramatically decreased rework and refactoring. ### 19. Great for finding overlooked or unthought of issues **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** September 30, 2018 **What do you like best about Checkmarx?** I like the way that the checkmarx report provides a detailed account of al potential vulnerabilities and then provides examples of how the issue can be fixed. This is very helpful when it comes to trying to resolve all issues. **What do you dislike about Checkmarx?** As with anything automated, some issues that are found are just non-issues. We use several different security gating products like Checkmarx and I would say that it is less often incorrect than the others. **Recommendations to others considering Checkmarx:** It is a good way to catch potential vulnerabilities in your code. With a large code base and many contributors this can be next to impossible if you rely on manual methods (ie. code review). **What problems is Checkmarx solving and how is that benefiting you?** We are making our application more secure and staying in the know about new threats and vulnerabilities. ### 20. Great application for Software security **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.) **Reviewed Date:** October 23, 2018 **What do you like best about Checkmarx?** Results are pretty good with CheckMarx. This tool is helpful to build secure source code. CheckMarx scan report gives detailed view of each issue and flowchart is given for the variables which might cause security threat. Code scanning is fast. **What do you dislike about Checkmarx?** Sometimes reports generated by the CheckMarx scan contain lot of false positive issues even though code is designed in a way that ensures security. This decreases the readability of the reports. **Recommendations to others considering Checkmarx:** Great tool designed for security scan. **What problems is Checkmarx solving and how is that benefiting you?** Sotware application is tested using CheckMarx. Benefits: 1. Secure code development and best coding practices 2. Possible vulnerabilities and threats identification to assure software quality 3. ### 21. A useful SAST tool to improve maturity in IT security **Rating:** 4.5/5.0 stars **Reviewed by:** Hatim B. | IT Architect & Project manager, Enterprise (> 1000 emp.) **Reviewed Date:** December 27, 2017 **What do you like best about Checkmarx?** Our choice of Checkmarx as a static code audit tool was done after a long reflection. the richness in terms of languages and the customization of the presets were determinents. We were accompanied at first by a very competent editor team. Today, the use of the tool is unavoidable. We use it both as an integrated tool in our IDEs but also when building in our continuous integration platform. He is also at the hand of the security team to audit code delivered by an external service provider. We also appreciate the possibility of modifying but also creating new rules to eliminate false positives. The tool is also rich in terms of indicators and charts. it provides a dashboard that makes it easy to track application risk level scores over time and provides management with comprehensive reports. the details of the vulnerabilities detected and the description of the corrections allows the development teams to correct the vulnerabilities but also to learn about the security of the coding. **What do you dislike about Checkmarx?** At each audit, the number of false positives is high. but this is a defect specific to SAST tools. knowledge of the business specificities of the application is necessary to personalize the presets to eliminate false positives. This tool is a step in the security audit process, it must be completed by DAST and IAST audits. **Recommendations to others considering Checkmarx:** we highly recommend this tool. We have already recommended the tool at our group level. The cost-effectiveness ratio is interesting. **What problems is Checkmarx solving and how is that benefiting you?** we use this tool in a bank-insurance information system. Business requirements are high. Checkmarx has helped us improve the maturity of our IT security in order to gain the confidence of our business. ### 22. We use it for checking the test cases **Rating:** 4.5/5.0 stars **Reviewed by:** vidya vignan c. | Mid-Market (51-1000 emp.) **Reviewed Date:** August 30, 2018 **What do you like best about Checkmarx?** Automation has been much more easier with the checkmarx **What do you dislike about Checkmarx?** Even if 1 test fails it shows the everything as failed **What problems is Checkmarx solving and how is that benefiting you?** Automation is the main purpose of our use. ### 23. Code quality using Checkmarx **Rating:** 4.5/5.0 stars **Reviewed by:** Shebin P. | Senior Java Consultant, Retail, Enterprise (> 1000 emp.) **Reviewed Date:** August 11, 2018 **What do you like best about Checkmarx?** It gives suggestions of technical issues correctly. **What do you dislike about Checkmarx?** Its a little confusing with existing code bases. **Recommendations to others considering Checkmarx:** Better in finding code issues. **What problems is Checkmarx solving and how is that benefiting you?** Better code quality is obtained using Checkmarx. ### 24. CheckMarx review **Rating:** 4.5/5.0 stars **Reviewed by:** Sahil M. | Business Technology Analyst, Management Consulting, Enterprise (> 1000 emp.) **Reviewed Date:** January 04, 2018 **What do you like best about Checkmarx?** This is an excellent tool to write secure code and follow best practices. i like that it gives a detailed overview of the issue in your static code and also provides ways to solve it. It attributes a risk profile to each issue and this way you can solve the ones with high priority first. **What do you dislike about Checkmarx?** The document generated can sometimes be too verbose and you can loose track of what issues to solve. Sometimes even if you have solved all the issues, re-running the report does not ensure a count of zero. **Recommendations to others considering Checkmarx:** This works great with Java, you should definitely include this in your technology portfolio **What problems is Checkmarx solving and how is that benefiting you?** We use this as a code quality indicator, the tool helps us write efficient and secure code, benefits include fewer bugs due to poor quality code. ### 25. Very easy to use tool for improving security **Rating:** 4.0/5.0 stars **Reviewed by:** Martin D. | Senior Salesforce developer, Computer Software, Mid-Market (51-1000 emp.) **Reviewed Date:** January 18, 2018 **What do you like best about Checkmarx?** The tool uses your credentials to generate a report and that report is very comprehensive, yet very easy to understand, it makes very easy to solve potential security issues. **What do you dislike about Checkmarx?** The report generated by CheckMarx always contains a lot of false positives or duplicated positives, making it bigger than it should, although to be fair it would not be easy to develop a tool that analyses code so thoroughly without displaying a fair amount of duplicates. **What problems is Checkmarx solving and how is that benefiting you?** Performing security reviews of my project's code. It gives the user a comprehensive look into the potential security risks and the explanation of such risks which is helpfull for people like me who is not a security expert. ### 26. Great scanning tool for code **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Automotive | Enterprise (> 1000 emp.) **Reviewed Date:** December 29, 2017 **What do you like best about Checkmarx?** We use this tool to scan our code for vulnerabilities. It is a great tool because it can be run against our code base and it lists our the vulnerabilities. This has reduced our time for manual code reviews by quite some time. Also, it helps us set code quality standard. We have implemented this as part of our software development cycle. The new developers that come on board can look at previous scans and learn our coding standards and follow that as part of our coding policy. **What do you dislike about Checkmarx?** There can be many false positives. Since the tool is automated it doesn't understand some of the code logic and why it was written in a certain way. **Recommendations to others considering Checkmarx:** Be aware of false positives. Other than it's a great tool to scan your code base. **What problems is Checkmarx solving and how is that benefiting you?** It helps us automate the code review process and catches code vulnerabilities. We have saved time on code reviews by running the code against this tool first. ### 27. nice **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Marketing and Advertising | Enterprise (> 1000 emp.) **Reviewed Date:** July 30, 2018 **What do you like best about Checkmarx?** providing the scan report in multiple formats **What do you dislike about Checkmarx?** integrating with build tools is not fun **What problems is Checkmarx solving and how is that benefiting you?** scanning the vulnerabilities in source code ### 28. Best security tool **Rating:** 3.5/5.0 stars **Reviewed by:** Raju K. | Small-Business (50 or fewer emp.) **Reviewed Date:** January 11, 2018 **What do you like best about Checkmarx?** We used the tool to find security flaws in our software it helped us to find cross side scripting bugs in an easy way **What do you dislike about Checkmarx?** When we integrate with Jenkins the report sent by CheckMarx is not easily redable **What problems is Checkmarx solving and how is that benefiting you?** Security Code Analysis Cross side scripting SQL injections ### 29. Best software purchase we ever made. **Rating:** 5.0/5.0 stars **Reviewed by:** Dev B. | Co-Founder / Cyber Security, Mid-Market (51-1000 emp.) **Reviewed Date:** October 25, 2017 **What do you like best about Checkmarx?** Really easy to use and the level of detail you can access is amazing. **What do you dislike about Checkmarx?** The Cost, it is not cheap, but not good rarely is. **What problems is Checkmarx solving and how is that benefiting you?** Static Code Scan for PCI ### 30. Super easy to install! **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Media Production | Small-Business (50 or fewer emp.) **Reviewed Date:** January 11, 2018 **What do you like best about Checkmarx?** Easy installation and rollout, it performs thorough scans across most, if not all all, languages. **What do you dislike about Checkmarx?** The work-layout requires a full screen, and like four windows. It''s not something you can do passively because it takes the whole screen. **What problems is Checkmarx solving and how is that benefiting you?** Strengthening security by making the code airtight. And making cleaning the code provides many pluses, in general. ### 31. Good App **Rating:** 4.0/5.0 stars **Reviewed by:** Prashanth M. | SAP ABAP Developer, Automotive, Enterprise (> 1000 emp.) **Reviewed Date:** December 28, 2017 **What do you like best about Checkmarx?** Highly recommend Check mark in this current trend. **What do you dislike about Checkmarx?** Not having an option to choose personal email. **What problems is Checkmarx solving and how is that benefiting you?** Analytics ### 32. Innovative **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Education Management | Small-Business (50 or fewer emp.) **Reviewed Date:** December 28, 2017 **What do you like best about Checkmarx?** This is a very innovative company. The product is safe. **What do you dislike about Checkmarx?** Customer service is not so great. It takes a while for them to return your call. **Recommendations to others considering Checkmarx:** Consider it. Nothing to lose. If you do not like it, switch to something else. **What problems is Checkmarx solving and how is that benefiting you?** It is good for network security. ### 33. Not bad but could be better **Rating:** 2.5/5.0 stars **Reviewed by:** Verified User in Food Production | Enterprise (> 1000 emp.) **Reviewed Date:** December 28, 2017 **What do you like best about Checkmarx?** The software is responsive it is very dynamic and very thorough. If you need a dynamic system look here. **What do you dislike about Checkmarx?** Sometimes when you most need a part to save it is sometimes slow. **Recommendations to others considering Checkmarx:** Buy it **What problems is Checkmarx solving and how is that benefiting you?** Integrity, allows us to finish our job right. ### 34. Great for Code REviews **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.) **Reviewed Date:** December 20, 2017 **What do you like best about Checkmarx?** Reviews APEX code and most security/code scanners do not **What do you dislike about Checkmarx?** Results take a few minutes to return, not a huge issue but if you are in a time crunch you never know when they will arrive :) **What problems is Checkmarx solving and how is that benefiting you?** Providing reassurance to our customers ### 35. Checkmarx code scanner for Salesforce **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** November 28, 2017 **What do you like best about Checkmarx?** Fast code scanning capability and to the point recommendation. **What do you dislike about Checkmarx?** Many false positive scenarios are provided in results when scanning is done for Apex code **Recommendations to others considering Checkmarx:** Easy to use for code scanning of Force.com **What problems is Checkmarx solving and how is that benefiting you?** Salesforce code security issues. Ability to find major security issues and recommendation to fix them ### 36. Checkmarx for security scan of code base **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Food & Beverages | Small-Business (50 or fewer emp.) **Reviewed Date:** December 25, 2017 **What do you like best about Checkmarx?** Recommendations provided are easy to understand and actionable insights **What do you dislike about Checkmarx?** too many false positive results while scanning code **Recommendations to others considering Checkmarx:** Good tool to use for code scanning for beginners **What problems is Checkmarx solving and how is that benefiting you?** Code best practices ### 37. Good and practical **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** December 03, 2017 **What do you like best about Checkmarx?** Checkmarx has a lot of pros, easy to deploy and integrates well in the SDLC, board overage of language support. **What do you dislike about Checkmarx?** Very high number of false positives takes longer time to triage. **What problems is Checkmarx solving and how is that benefiting you?** Securing SDLC. ### 38. Spying on Salesforce inhouse Source **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Renewables & Environment | Enterprise (> 1000 emp.) **Reviewed Date:** November 28, 2017 **What do you like best about Checkmarx?** Static analysis & Apex Overview of unpackaged code **What do you dislike about Checkmarx?** Cost is a big concern and frequent analysis could be better if cost is not a concern. **What problems is Checkmarx solving and how is that benefiting you?** Threat identification in our custom code. Security requirements review. ### 39. Great security software **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Medical Devices | Enterprise (> 1000 emp.) **Reviewed Date:** December 20, 2017 **What do you like best about Checkmarx?** Application Security testing and the testing UI **What do you dislike about Checkmarx?** Still needs the break even analysis for the cases **What problems is Checkmarx solving and how is that benefiting you?** Application software vulnerablities and workflow needed ### 40. A really great way to run security tests **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Internet | Mid-Market (51-1000 emp.) **Reviewed Date:** September 15, 2017 **What do you like best about Checkmarx?** I was working on a project for Salesforce and needed to test my code and running CheckMarx against the code helped me get my development done faster and done right. **What do you dislike about Checkmarx?** The specific documentation for APEX is a little hard to parse but it helps point out where you need to look. **What problems is Checkmarx solving and how is that benefiting you?** We needed to test our APEX code and needed to make sure it was as secure as possible. ## Checkmarx Discussions - [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) - 1 comment, 1 upvote - [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) - 1 comment - [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) - 1 comment - [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) - 2 comments - [View Checkmarx pricing details and edition comparison](https://www.g2.com/products/checkmarx/reviews?section=pricing&secure%5Bexpires_at%5D=2026-06-03+13%3A45%3A08+-0500&secure%5Bsession_id%5D=4e2dd6e9-75a8-4211-b69e-e6fc3621bd78&secure%5Btoken%5D=779a9045df9cbcc6cbf6d5d2825fb5e881afed4cad58b186a4f5651c5f34228d&format=llm_user) ## Checkmarx Integrations - [TeamCity](https://www.g2.com/products/teamcity/reviews) ## Checkmarx Features **Administration** - API / Integrations - Extensibility **Administration** - API / Integrations - Extensibility **Documentation** - Feedback - Prioritization - Remediation Suggestions **Agentic AI - Static Code Analysis** - Adaptive Learning - Natural Language Interaction - Proactive Assistance **Performance - AI AppSec Assistants** - Remediation - Real-time Vulnerability Detection - Accuracy **Analysis** - Reporting and Analytics - Issue Tracking - Static Code Analysis - Code Analysis **Analysis** - Reporting and Analytics - Issue Tracking - Static Code Analysis - Vulnerability Scan - Code Analysis **Security** - False Positives - Custom Compliance - Agility **Integration - AI AppSec Assistants** - Stack Integration - Workflow Integration - Codebase Contextual Awareness **Testing** - Command-Line Tools - Manual Testing - Test Automation - Compliance Testing - Black-Box Scanning - Detection Rate - False Positives **Testing** - Manual Testing - Test Automation - Compliance Testing - Black-Box Scanning - Detection Rate - False Positives **Agentic AI - Interactive Application Security Testing (IAST)** - Autonomous Task Execution **Agentic AI - Static Application Security Testing (SAST)** - Autonomous Task Execution ## Top Checkmarx Alternatives - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (25 reviews) - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (140 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (877 reviews)