
Checkmarx One

Checkmarx | 1

Reviews from AWS customer

0 AWS reviews
  • 5 star: 0
  • 4 star: 0
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

External reviews

47 reviews

External reviews are not included in the AWS star rating for the product.


    Andrew KPOBI

Has a valuable static code analysis feature and a simple setup process

  • November 01, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the product for static code analysis, supply chain, and container security.

What is most valuable?

The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.

What needs improvement?

The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor; they lack the details one gets when viewing the results directly from the Checkmarx One platform.

For how long have I used the solution?

We have been using Checkmarx's on-premise version for four years. We switched to the cloud version recently.

What do I think about the stability of the solution?

I rate the product's stability a nine or ten out of ten.

What do I think about the scalability of the solution?

We have 40 Checkmarx users in our organization. I rate its scalability a nine out of ten.

How are customer service and support?

The technical support team promptly addresses the issues.

How was the initial setup?

The initial setup process is easy.

What other advice do I have?

I rate Checkmarx an eight out of ten.


    Tharindu M.

Good Tool with good interfaces and developer friendly environment

  • August 10, 2023
  • Review provided by G2

What do you like best about the product?

UI implementations are really good (Data Flow Matrixes).
Suggestions are provided for the most suitable place to fix a set of vulnerabilities.
Most of the integrations are working seamlessly.

What do you dislike about the product?

Support service is getting delayed sometimes.
Some of the findings tend to be false positives.
Scanning time is slow when compared with other tools.
Some of the IDE integrations aren't working as intended.

What problems is the product solving and how is that benefiting you?

Checkmarx provided a lot of visibility to our development cycles. It has the capability to scan the entire GitHub or scan a specific branch. Using the Checkmarx tool we were able to stop major vulnerabilities from appearing in production.


    Syed Rizwan

A stable solution that helps with dynamic application testing

  • June 14, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for dynamic application testing. 

What needs improvement?

I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side. 

For how long have I used the solution?

I have been working with the product for seven months. 

What do I think about the stability of the solution?

I would rate the product's stability a ten out of ten.

What do I think about the scalability of the solution?

I would rate the product's scalability a ten out of ten. My company has 15 users for the product.

How are customer service and support?

The solution's technical support is good. 

How would you rate customer service and support?

Positive

How was the initial setup?

The tool's setup is very straightforward and I would rate it a ten out of ten. The product's deployment took one to two months to complete. We required the technical and development team which consisted of four to five people to handle the deployment. 

What's my experience with pricing, setup cost, and licensing?

The solution's price is high and you pay based on the number of users. 

What other advice do I have?

I would rate the product a ten out of ten. The solution is the best tool for developers and organizations. 


    Ruihan Zhu

Requires in-depth knowledge of coding and bad stability

  • May 05, 2023
  • Review provided by PeerSpot

What is our primary use case?

It is used for scanning for some other purposes. We needed Checkmarx to figure out some OS top ten issues in the codec.

What is most valuable?

The only thing I like is that Checkmarx does not need to compile. That's a good feature.

What needs improvement?

Checkmarx is not good because it has too many false positive issues. The software does not understand the code very well. It does not handle the process very well and misunderstands the logic, resulting in too many false positives. As per my experience, more than 80% of the issues are false positives, and it takes too much time to figure out which ones are true and which ones are false positives. 

Therefore, this is one of the areas of improvement for Checkmarx. It requires in-depth knowledge of the coding. 

For how long have I used the solution?

I have been using Checkmarx for more than a year. We are using the latest version. 

What do I think about the stability of the solution?

I would rate it as four because the scanning engine can crash sometimes.

What do I think about the scalability of the solution?

I would rate scalability a three out of ten. 

How are customer service and support?

The technical support is not good because they charge an extra fee. If we pay them on a call basis, they will charge extra. We can only give them emails; if we have a problem, it takes over half a year to fix the issue. They're just too slow.

How would you rate customer service and support?

Neutral

How was the initial setup?

The deployment is easy, but it may take around half an hour or even more because the software is huge. Also, good hardware performance is required, such as big memory and disk space.

It requires a lot of disk space and good hardware performance, and the speed is slow.

What about the implementation team?

The deployment is pretty tough to do by myself.

What's my experience with pricing, setup cost, and licensing?

It's expensive. I would give it a four out of ten.

Which other solutions did I evaluate?

We just calculated the speed of Checkmarx; it is around 40 lines of code per second. It's too slow, so we now use a Chinese software called XCheck, which is much better. It can scan around 2,000 or 5,000 lines per second, depending on the code complexity. XCheck is a product of a Chinese company called Tencent.

What other advice do I have?

Overall, I would rate the solution a three out of ten. 


    reviewer1523667

Responsive support, useful code-checking module, and high availability

  • May 04, 2023
  • Review provided by PeerSpot

What is our primary use case?

Checkmarx is used to check the code from programmers and vulnerabilities in third-party software.

Checkmarx can be deployed on the cloud and on-premise. However, it depends on the version.

How has it helped my organization?

Checkmarx detected code sections that did not adhere to best practices. After being informed, the programmers were able to rectify some of the issues. Without Checkmarx, it is unlikely we would have identified these issues.

Utilizing the SCA module, I gained valuable insights into the vulnerabilities present in open-source Python libraries that individuals desire to use. As an information security consultant, I advise against employing Python libraries that contain known vulnerabilities. The SCA solution proved to be helpful in this regard.

What is most valuable?

The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.

What needs improvement?

Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not. 

In a future release, the SCA module could have better documentation. It was difficult to know how to check the names of all the modules. It took me a lot of time and I needed help to be able to write the requirements file. More clarification would be helpful in the documentation, such as examples.

For how long have I used the solution?

I have been using Checkmarx for approximately six months.

What do I think about the stability of the solution?

The stability is great.

I rate the stability of Checkmarx a ten out of ten.

What do I think about the scalability of the solution?

The scalability of the solution is great. Everything I send to the solution is processed quickly.

We have five information security analysts and programmers using this solution.

We plan to increase our usage. We will install it on more networks.

I rate the scalability of Checkmarx a ten out of ten.

How are customer service and support?

I found someone in the evening that logged in and answered my issues. They are responsive.

I rate the support of Checkmarx a ten out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

We have one person for the maintenance of the solution but it is minimal and is not a full-time job.

I would advise others to ask for a demo of the solution and if it works well for their use case then purchase it.

I rate Checkmarx a nine out of ten.

Which deployment model are you using for this solution?

On-premises


    Souhardyya Biswas

Developer-friendly and reliable but a non-developer may struggle

  • December 01, 2022
  • Review provided by PeerSpot

What is our primary use case?

We are currently using the solution for scanning code-level vulnerabilities. 

What is most valuable?

Checkmarx is more developer friendly. Developers are aware of how to use Checkmarx. It's not too complicated, and they can understand what the problem is in their code, and it helps them to write secure code. That's a big thing. It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx. That's the main positive point.

What needs improvement?

A non-developer may struggle with the solution. 

Codebashing is the learning platform that comes bundled with Checkmarx. The thing with Codebashing is that they give you tips on how to write secure code. However, I saw other developers complain about this. Instead of telling you what the good practices are, it would be more helpful, when we are writing the code, alongside that code, to have Codebashing tell us where exactly we are going wrong and how to help secure code and if there are specific scenarios we should be considering. Basically, the integration needs to be better. 

There's a general lack of space. 

Checkmarx has a slightly difficult compilation with the CI/CD pipeline. If it could be easily integrated into the CI/CD pipeline, then it would be much easier for developers rather than being an extra step that developers have to take to make the code secure. 

For how long have I used the solution?

We've used the solution since 2019.

What do I think about the stability of the solution?

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

In general, it can scale. 

There are certain scenarios where scalability becomes an issue. I can't really give any examples, however, while it can scale, there may be hiccups. 

We may have up to a few hundred users on the solution. 

How are customer service and support?

As far as I'm aware, there is a team at Checkmarx that we can contact and they are there to help us with some basic queries. It's not continuous support. It's more like they're there on the side, and we can contact them as and when required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used and looked at a mix of options, including Veracode and FOSSA.

Right now, I don't really have a competing vendor in my company, so I can't compare. More importantly, I don't have that much experience with others to compare anything accurately.

How was the initial setup?

I did not handle the initial setup and, therefore, cannot speak to how easy or difficult the process would be. 

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. I'd rate it 3.7 out of five. It is moderately priced yet not overly expensive. 

What other advice do I have?

Right now, we are partners.

We have the solution deployed in the cloud and on-premises. It's a hybrid setup.

I'd rate the solution seven out of ten.

I'd recommend the product to other users. 

Which deployment model are you using for this solution?

Hybrid Cloud


    sanjay s.

Checkmarx Review

  • July 22, 2022
  • Review provided by G2

What do you like best about the product?

The Checkmarx tool scans the code pretty well. It gives accurate results; in-depth analysis can be done because Checkmarx provides the flow of code from source until the values get executed.

What do you dislike about the product?

Checkmarx reports false positive issues a lot. If it's a big application code base, it's tough to control the number of false positive issues to analyse. Reporting can also be improved.

What problems is the product solving and how is that benefiting you?

The Checkmarx tool has library scanning as well. It gives accurate results in reporting vulnerable libraries. Accuracy has been spot on when it comes to reporting library issues.


    Pankaj W.

Best tool for Source code scanning

  • April 19, 2022
  • Review provided by G2

What do you like best about the product?

The most valuable features are the easy to understand interface, and it's very user-friendly. Reduce the code using cxsast plugin. It will scan code line by line and find most vulnerabilities. Very easy to use. Vulnerability report is awesome.

What do you dislike about the product?

UI should update. Reduce the false positives. Please upgrade the rule set to avoid false positives.

What problems is the product solving and how is that benefiting you?

It will find vulnerabilities like SQL injection, cross-site scripting, command injection, XXE, etc. Scan speed is very good. We can review the issue easily.


    Higher Education

To find any security vulnerabilities Checkmarx is an awesome tool

  • February 10, 2022
  • Review provided by G2

What do you like best about the product?

Easy to scan any application to find any security threats

What do you dislike about the product?

After marking false positives still, sometimes it shows the same issue as a security issue as high or critical.

What problems is the product solving and how is that benefiting you?

Security vulnerabilities scan for application. Yes, it helps be updated with Jars helping to escape being hacked.


    Investment Banking

Be a step ahead by identifying vulnerability using checkmarx to

  • October 19, 2021
  • Review provided by G2

What do you like best about the product?

It identifies all the security vulnerabilities, making your code more secure than ever before. It also categorises the vulnerabilities into different categories based on the risk associated. It can be easily integrated with your CI pipeline to have your code scanned with every build.

What do you dislike about the product?

We can have a better and more user-friendly UI to go through the report.

What problems is the product solving and how is that benefiting you?

Identifying the vulnerability before the code goes into production so that all the risks can be mitigated and we don't have to worry about it once the code goes live.