Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
47 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Checkmarx : Enable SAST for CI/CD Effortlessly
What do you like best about the product?
The best features of Checkmarx are:
1) Open Source vulnerability scanner
2) Integration with multiple Ci/CD orchestration tools
3) Real-time reporting of static code vulnerabilities
1) Open Source vulnerability scanner
2) Integration with multiple Ci/CD orchestration tools
3) Real-time reporting of static code vulnerabilities
What do you dislike about the product?
I feel the Jenkins code snippet of Checkmarx is a bit complex, and it could be a lot simpler.
What problems is the product solving and how is that benefiting you?
We have enabled SAST in our CI/CD pipelines using Checkmarx. It saves a lot of time as the integration of Checkmarx with our CI/CD orchestration tool achieves maximum automation and reduces the time significantly.
Impressed with the Codebashing platform and AppSec awareness
What do you like best about the product?
Checkmarx has an impressive Codebashing feature that has the edge over SonarQube. The application tracking-reporting feature is good too. I like the "delta-scan" feature as it is really good for cases when there are very frequent scans needed (e.g. with every major code commit, we don't want the entire source code scan to happen again). Having used both tools extensively (SonarQube and Checkmarx), I prefer Checkmarx overall. Checkmarx also fares better compared to peers when it comes to finding any vulnerabilities within the database. Since ours is a user-information driven applicaiton, it becomes even more imminent to identify the data-specfic vulnerabilities at the earliest.
What do you dislike about the product?
Dashboarding could be better. The UI to show the current issue and the descriptive/suggestive text for the potential fix could be more "obvious" to the end-users. SonarQube scores over checkmarx in this regard.
Also, dashboarding could provide a little more flexibility towards the creation of new widgets.
One ore thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales rep were pretty quick to respond, though).
Also, dashboarding could provide a little more flexibility towards the creation of new widgets.
One ore thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales rep were pretty quick to respond, though).
What problems is the product solving and how is that benefiting you?
Static code analysis helps identify AppSec related issues at the earliest. Also, integration with the CICD pipeline ensures quality gating.
Ours is new product development in the earlier stages, and checkmarx is truly helping us by providing the developers and early insight into what could be done "right" from the beginning and instill a culture of finding issues at the earlier stage of development.
Ours is new product development in the earlier stages, and checkmarx is truly helping us by providing the developers and early insight into what could be done "right" from the beginning and instill a culture of finding issues at the earlier stage of development.
Recommendations to others considering the product:
Check your organization's needs. Checkmarx is comparitively expensive, and there is no free edition to try out first, as far as I know.
An efficient application to check vulnerability in the software
What do you like best about the product?
CheckMarx has been used an application to scan the applications to rectify vulnerability in the code and to check the security lapses. I have been using checkMarx to check the same in my .NET application and have found checkMarx to be great use. I would like to mention few good things about the same .
1.) It has support to many languages . In my case it can find the lapses in C#, Java script, J query , Typescript .
2.) The description is quite clear about the issues which makes it easier to understand the problem statement behind the security lapse.
3.) The online community present for CheckMarx is quite good which makes it easier to find the resolution
1.) It has support to many languages . In my case it can find the lapses in C#, Java script, J query , Typescript .
2.) The description is quite clear about the issues which makes it easier to understand the problem statement behind the security lapse.
3.) The online community present for CheckMarx is quite good which makes it easier to find the resolution
What do you dislike about the product?
Even though CheckMarx is quite helpful to check the security threats in the application code there are few things which can be improved by the CheckMarx team to make it more useful and efficient .
1.) There are many false positives which increase a lot of issues which in turn are required to marked as non exploitable
2.) Per user cost of CheckMarx subscription is high which makes it difficult for the small organisation to own it completely.
1.) There are many false positives which increase a lot of issues which in turn are required to marked as non exploitable
2.) Per user cost of CheckMarx subscription is high which makes it difficult for the small organisation to own it completely.
What problems is the product solving and how is that benefiting you?
I have been using CheckMarx in my organisation to find the code related issues in the .NET application. This has helped in a great way to re mediate the security lapses and refactor the code to make it more efficient.
Recommendations to others considering the product:
Use it to refactor the code of your application and re mediate the security lapses
Good and very useful sast tool
What do you like best about the product?
The report generated by this tool is comprehensive and easy to understand
It has good charts
It has good charts
What do you dislike about the product?
The report some times have false positives and duplication
What problems is the product solving and how is that benefiting you?
Performing security testing using this tool
The lightest and most complete static analysis tool with best place to fix
What do you like best about the product?
ease of deployment. Number of supported languages and best place to fix function.
What do you dislike about the product?
Too much detail in the report for small security shops.
What problems is the product solving and how is that benefiting you?
Fixed code flaws before deployment. Dramatically decreased rework and refactoring.
Recommendations to others considering the product:
Filter the final report by severity and concentrate on the most important issues first.
Great application for Software security
What do you like best about the product?
Results are pretty good with CheckMarx. This tool is helpful to build secure source code. CheckMarx scan report gives detailed view of each issue and flowchart is given for the variables which might cause security threat. Code scanning is fast.
What do you dislike about the product?
Sometimes reports generated by the CheckMarx scan contain lot of false positive issues even though code is designed in a way that ensures security. This decreases the readability of the reports.
What problems is the product solving and how is that benefiting you?
Sotware application is tested using CheckMarx.
Benefits:
1. Secure code development and best coding practices
2. Possible vulnerabilities and threats identification to assure software quality
3.
Benefits:
1. Secure code development and best coding practices
2. Possible vulnerabilities and threats identification to assure software quality
3.
Recommendations to others considering the product:
Great tool designed for security scan.
Great for finding overlooked or unthought of issues
What do you like best about the product?
I like the way that the checkmarx report provides a detailed account of al potential vulnerabilities and then provides examples of how the issue can be fixed. This is very helpful when it comes to trying to resolve all issues.
What do you dislike about the product?
As with anything automated, some issues that are found are just non-issues. We use several different security gating products like Checkmarx and I would say that it is less often incorrect than the others.
What problems is the product solving and how is that benefiting you?
We are making our application more secure and staying in the know about new threats and vulnerabilities.
Recommendations to others considering the product:
It is a good way to catch potential vulnerabilities in your code. With a large code base and many contributors this can be next to impossible if you rely on manual methods (ie. code review).
We use it for checking the test cases
What do you like best about the product?
Automation has been much more easier with the checkmarx
What do you dislike about the product?
Even if 1 test fails it shows the everything as failed
What problems is the product solving and how is that benefiting you?
Automation is the main purpose of our use.
Code quality using Checkmarx
What do you like best about the product?
It gives suggestions of technical issues correctly.
What do you dislike about the product?
Its a little confusing with existing code bases.
What problems is the product solving and how is that benefiting you?
Better code quality is obtained using Checkmarx.
Recommendations to others considering the product:
Better in finding code issues.
nice
What do you like best about the product?
providing the scan report in multiple formats
What do you dislike about the product?
integrating with build tools is not fun
What problems is the product solving and how is that benefiting you?
scanning the vulnerabilities in source code
showing 21 - 30