Sign in
Sign in
or
Create a new account
Agent Mode
Categories
Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Codebashing | Secure Code Training For Epic Coders

Checkmarx

Reviews from AWS customer

2 AWS reviews
  • 5 star
    0
  • 4 star
    2
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

13 reviews
from and

External reviews are not included in the AWS star rating for the product.

    AkashSingh

Training has improved secure coding skills and now empowers developers to fix issues faster

  • April 21, 2026
  • Review from a verified AWS customer

What is our primary use case?

I have been working with Codebashing, which is one of the modules in Checkmarx. Checkmarx has different modules like Codebashing, SAST, DAST, and SCA, providing a complete AppSec platform that includes Codebashing.

Codebashing has been integrated with our IDEs like Jenkins, Visual Studio, and Eclipse. Whenever a developer identifies any kind of security-related vulnerabilities, they receive a lot of information from Codebashing, such as what exactly the vulnerability is, how it can be fixed, any games around that, and any videos related to those vulnerabilities. The developer watches these videos and learns how to fix those specific issues. Additionally, we organize tournaments to test developer capabilities in terms of how quickly they can identify and fix issues, and how effectively they handle those issues without creating new ones.

For Checkmarx, we are the customer, and we use this particular platform to service our customers.

What is most valuable?

The kind of remediation that Codebashing trains developers on is outstanding, as it relates developers to real-life use cases.

I would like to highlight the tournament feature of Codebashing as great, allowing us to organize competitions among skilled developers, which helps identify the best and most productive individuals in our organization.

Codebashing's adaptive learning paths help us by addressing different use cases among our customers, as some follow OWASP Top 10 guidelines while others adhere to CWE, PCI DSS, or HIPAA. This means Codebashing helps us comply with these requirements so developers do not make mistakes when remediating issues found in the source code.

I have a very clear example regarding the measurable impact Codebashing has had on our team's ability to identify security flaws early in development. One customer in the aviation sector had around 7.8 vulnerabilities in one thousand lines of code before implementing Checkmarx or Codebashing. After using Codebashing, we improved our mean time to remediation (MTTR) and reduced the defect count to 3.6 in one thousand lines of code.

What needs improvement?

I am not using Codebashing's up-to-date modules to address emerging security threats, as I handle the security part and this module is not relevant for me, although my development team might be using it.

I think the video content of Codebashing can be improved and should be updated regularly, as we currently see minimal updates in terms of real-time vulnerabilities.

I think the user interface (UI) features could be improved, as it is not very attractive when compared to competitors like Secure Code Warrior, which we recently evaluated.

For how long have I used the solution?

I have been working with Codebashing since we took Codebashing and Checkmarx in 2022, so it has been almost four years now.

What do I think about the stability of the solution?

Codebashing has been stable and reliable so far, as I have not seen any crashes or issues in platform usage, so it has been performing great for my team.

I would rate the stability and reliability of Codebashing a ten, as ten represents the highest level of stability.

What do I think about the scalability of the solution?

I can evaluate how scalable Codebashing is. I find Codebashing very scalable as we are currently using around 250 developers, having started with 50, so it has been increasing rapidly for the past four years.

How are customer service and support?

We often communicate with the technical support of Codebashing, as we have dedicated technical support for that.

My impression of their support is positive, as they are available on calls and emails, and they provide fast responses, abiding by the signed SLA for technical responses. I find them to be highly professional.

I would rate their support a nine out of ten.

We have not had any significant issues, as all L1 and L2 issues have been remediated immediately over calls, although some complicated issues take time to resolve due to R&D and engineering involvement. Overall, support from Checkmarx is good.

What was our ROI?

The return on investment with Codebashing has been evaluated by my business team, so I do not have any information about that.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing of Codebashing is based on contributing developers. I consider Codebashing an affordable solution, as we have been using the Checkmarx platform and it came to us at a very nominal cost.

Which other solutions did I evaluate?

The reason I switched to Codebashing is that we were already a user of Checkmarx, and since Codebashing is a module of it, we got great pricing from the Checkmarx team, which is why we onboarded Codebashing as a fully-fledged tool.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    reviewer2795235

Security weaknesses have been exposed early and testing now highlights where structure should improve

  • January 06, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Codebashing for security-related testing and aggressive testing, and also to stress-check code to expose weaknesses.

Ours is an HRA benefits application, and I use Codebashing for security testing or exposing weaknesses by attacking the input and intentionally passing malicious input. Through Codebashing, I can identify the required vulnerability. This means security testing, and a few of my colleagues have also been using Codebashing.

What is most valuable?

In my opinion, the best features Codebashing offers are early vulnerability discovery, improved defensive coding habits, and catching what automated tests miss.

When I talk about early vulnerability discovery through Codebashing, I mean conducting intentional adversarial review very early during development or code review only, rather than waiting for QA, a pen test, or production incidents.

Additional features worth highlighting are shared security ownership, knowledge transfer across the team, common attacking patterns, how real-world exploits work, and better PR and design discussions since I started using Codebashing.

What needs improvement?

Codebashing is powerful, but it is not perfect. Based on my experience, the product can be made more systematic rather than ad hoc. The approach should balance intuition with automation by combining Codebashing with static analysis, dependency scanning, and secret detection, focusing only on high-risk parts such as authentication, payments, and data access to avoid slow delivery.

Improvements are needed, and the balance and focus should be emphasized more on the improvement side.

For how long have I used the solution?

I have been using Codebashing for three years.

What do I think about the stability of the solution?

I would say Codebashing is stable.

What do I think about the scalability of the solution?

Codebashing's scalability is good.

How are customer service and support?

I have not been able to reach out to customer support because I did not face many issues, so I am satisfied regarding customer support.

What's my experience with pricing, setup cost, and licensing?

Everything was taken care of by the organization, so I did not have to do anything privately regarding pricing, setup cost, and licensing.

What other advice do I have?

For knowledge transfer or shared security ownership in my team, we ask questions such as 'What happens if this field is missing or tampered?' and 'Should this ID come from a token instead of a request?' Such PR reviews and knowledge transfers have been conducted with real-world examples, including real payloads that break assumptions and actual vulnerable code.

My advice regarding Codebashing would be to be practical, culture-focused, and incremental, starting with the high-risk areas such as authentication and authorization, data access APIs, and payments. The approach should focus on breaking the code, not the people.

I would rate this product a seven out of ten.

    Tharindu Malwenna

Developers have improved vulnerability awareness but require more customizable training options

  • October 17, 2025
  • Review from a verified AWS customer

What is our primary use case?

I have used SonarQube as a community product for static application security testing as well as quality gate checking for the organization. Now I have retired the community edition of SonarQube and I am currently working with Checkmarx for a proper solution.

In my current license configuration, I have Codebashing, secret scanning, and SAST.

Codebashing is solely purposed for training our developers regarding the vulnerabilities we have, and it has seamless integration within Checkmarx. I am running a security champions program which leverages Codebashing platform itself.

How has it helped my organization?

Codebashing serves as a baseline for developers, though not many advanced techniques are available. In the tournament phases, it mostly resembles a Kahoot tournament, so having more CTF capabilities within the platform would be beneficial.

The statistics are really good for the developers after we deployed Codebashing. When people do not know anything regarding a vulnerability, they can gain a basic idea of what that vulnerability is and how they can mitigate things. There are some lacking vulnerabilities in Codebashing platform itself, making it both advantageous and disadvantageous.

What is most valuable?

The best features of Codebashing are the skill trees and the way I can impose trainings for the developers, which is highly effective.

What needs improvement?

It would be beneficial for Codebashing platform if we were able to quickly customize the questionnaires. Currently, we have to work with predefined questionnaires or utilize another language to create quizzes. I would prefer having a GUI for that aspect so I can provide tailor-made questionnaires for the developers, allowing me to utilize Codebashing platform entirely instead of depending on other solutions.

For how long have I used the solution?

I have two years of experience with Checkmarx.

How are customer service and support?

With Codebashing solution, we had a couple of complications, such as account configuration issues. Because we are currently in the initial stages, the support is really good, but we have to wait and see.

Which solution did I use previously and why did I switch?

Initially, we had Contrast Security, and comparing with that, the coverage against the cost shows that Checkmarx is doing a good job.

How was the initial setup?

Codebashing and Checkmarx SAST are really easy to set up; it is a matter of figuring out the SSO configuration from our end. The rest of the things are currently using the SaaS solution provided by Checkmarx, so the initial setup phase is straightforward.

Scanning the entire organization takes time, which was one of the challenges we faced during the initial phase. To overcome such issues, we had to write scripts as workarounds.

What was our ROI?

With Codebashing we can see a clear difference; the vulnerability fixing ratio became 160% per month, and the density counts started reducing after implementation.

Which other solutions did I evaluate?

Based on the coverage we receive when comparing it with the IAS tool and the options we receive, such as ID integrations and direct impact on pull push requests, the pricing is much lower than IAS.

What other advice do I have?

I am not familiar with Codebashing updates frequency. We bought it through an agent. On a scale of 1-10, I rate this solution a 7.

    UTSAV A.

Fabulous

  • August 05, 2024
  • Review provided by G2

What do you like best about the product?
Very easy to understand and easy to manage the graphic interface
What do you dislike about the product?
Nothing as of now. I will say need to use this once
What problems is the product solving and how is that benefiting you?
If we talk about other product this product is easy to handle and manage

    Gaurav P.

A all in one Secure training platform for Developers and IT professionals

  • July 12, 2024
  • Review provided by G2

What do you like best about the product?
The Training modules it has are very interactive helping users to detect and remediate issues . Covers all OWASP top 10 along with various other security test cases.
What do you dislike about the product?
Cost consideration . Bit of customization challenges to the content .
What problems is the product solving and how is that benefiting you?
Shift Left where in developers need to be aware of secure coding practices . THis is where Checkmarx COdebashing is a boon . Comprehensive training plan , Material and content aim at assisting teams to understand basic concepts and help to mitigate security flaws well ahead of production.

    Taniya Roy

Has good stability and availability of comprehensive documentation

  • January 09, 2024
  • Review provided by PeerSpot

What is our primary use case?

We have been using the product for code-scanning purposes.

What is most valuable?

The platform is simple, easy to use, and easy to learn. It has comprehensive guidelines and a lot of documents and videos for an easy installation process. Apart from some default rules, it allows users to configure their own rules. Also, it is easy to configure as it has an extensive library for reference.

What needs improvement?

The product's pricing could be more flexible. At present, we have to buy an entire instance. Instead, they could introduce a pricing model based on specific requirements.

For how long have I used the solution?

We have been using Codebashing for three to four years.

What do I think about the stability of the solution?

The platform has good stability.

What do I think about the scalability of the solution?

Codebashing's cloud version might be more scalable than the on-premise version.

How was the initial setup?

The initial setup process is easy. It takes little time to complete for new users as well. However, it might take time if the infrastructure still needs to be implemented.

What other advice do I have?

Sometimes, Codebashing provides reports with false positives. Thus, I advise others not to rely on the reports and to do a thorough analysis. They may require to change a few configurations. Configuring your own rules is better than going for a default configuration.

I rate it an eight out of ten.

    Consumer Services

Best tool to learn and upskill yourself

  • November 09, 2023
  • Review provided by G2

What do you like best about the product?
The easiest ways and examples to learn coding and implementation
What do you dislike about the product?
The cost factor is one can be improved a bit
What problems is the product solving and how is that benefiting you?
Upskilling in careere by learning secure coding helped me in promotion as well

    Vishal M.

Nice platform to level up coding skills

  • November 02, 2023
  • Review provided by G2

What do you like best about the product?
The overall experience of the coding journey which feels so intuitive and game play alike and task based is really fun to learn.
Overall UI/UX and lots of training problems on almost all the major coding languages makes this platform must to try for coding lovers.
What do you dislike about the product?
UI lag keeps user experience good, which otherwise would have been great. Also the pricing looks a bit too premium for such a platform, I think many individuals would give a thought before getting their hands dirty owing to this.
What problems is the product solving and how is that benefiting you?
Helps improving the code quality and more towards learning more secure coding standards which would otherwise be loopholes in the product.

    Trung R.

Mitigating security risks in our software

  • October 24, 2023
  • Review provided by G2

What do you like best about the product?
Codebashing consistently meets my expectations. It stands out from the tools.
What do you dislike about the product?
The platform is more user-friendly with navigation and clearer instructions. It does provide value there is room, for improvement.
What problems is the product solving and how is that benefiting you?
Checkmarx Codebashing insecure coding practices. It offers a practical training platform. This increases our developers skills.

    Zoe H.

Equipping our developers with hands on training

  • October 12, 2023
  • Review provided by G2

What do you like best about the product?
Theres nothing to dislike about this product. It is a simple and attractive interface.
What do you dislike about the product?
Tthe support for remediation is more comprehensive as it sometimes falls short in solving security issues.
What problems is the product solving and how is that benefiting you?
Checkmarx Codebashing eliminate the issue of security vulnerabilities, in code, which identify and resolve these issues. It has increased our code quality and mitigated security risks.

showing 1 - 10