Agent Mode
English
    Checkmarx One logo

    Checkmarx One

    Sold by
    Checkmarx 
    Checkmarx One helps you deliver secure software faster with an integrated Application Security Testing platform deployed as a service. A single event, like a code commit or build stage, can trigger scans of your source code, dependencies, and IaC templates, with results aggregated in one place.
    Leave a review

    Ratings and reviews

    4.2
    67 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    48%
    49%
    1%
    1%
    0%
    4 AWS reviews
    |
    63 external reviews
    External reviews are from G2  and PeerSpot .

    Filters

    Review type

    AWS Marketplace reviews
    External reviews
    Reviews (67)
    uday n.

    Seamlessly Integrates Security Into the Development Lifecycle

    Reviewed on Jun 24, 2026
    Review provided by G2
    What do you like best about the product?
    its ability to integrate security directly into software development life cycle
    What do you dislike about the product?
    deeper security analysis can sometimes increase scan duration
    What problems is the product solving and how is that benefiting you?
    helps catch security issues early in development
    Nitesh A.

    Automated Checkmarx Scans Keep Us Ahead of Key Vulnerabilities

    Reviewed on Jun 20, 2026
    Review provided by G2
    What do you like best about the product?
    we use checkmark to scan Salesforce code base in GitHub. we have automated the checkmarx run of scans so we are aware of key vulnerabilities so we can fix them before time. The scans are showing good results, export options are good. overall a good product
    What do you dislike about the product?
    What we found was the scan results derived from repo scan using Salesforce Security portal scans are different from the results of checkmark scans.
    What problems is the product solving and how is that benefiting you?
    Checkmarx helps us to automate repo scans, provides good insights into vulnerabilities or major issues in code and segregates them in terms of severity. It also provides option to upload results as false positive So these do not get reported again n again. The exports are good to submit for security review. The UI design is good and intuitive. We found the scans run pretty fast and hence better in performance. We good good response and support from checkmark team for any issues or new features. Overall good experience.
    Aman M.

    Centralized Source Code Security with Seamless CI/CD Integration

    Reviewed on Jun 19, 2026
    Review provided by G2
    What do you like best about the product?
    Checkmarx is a centralized security tool that provides end-to-end insights into source code security and vulnerabilities. It also helps improve the efficiency of the source code by highlighting the associated risks and suggesting ways to remediate the vulnerabilities. In addition, it shows vulnerabilities in the open-source libraries and packages we use in our source code through SCA scans.

    One thing I like the most is how well it integrates with our CI/CD tooling. We can plug it into our DevSecOps CI/CD flow, and developers can see scan insights directly from the pipeline itself, without needing to log in to the Checkmarx UI separately.
    What do you dislike about the product?
    It should better cope with modern software development lifecycles and provide end-to-end support for scanning any valid file extensions. For example, we are migrating from Node JS to TypeScript, and as part of that change we updated our .js files to use the .mjs extension. However, Checkmarx still does not support scanning .mjs files. We reported this issue to them about a year ago, but even now it remains unsupported. The current suggestion is to rename .mjs files to .js when uploading code for Checkmarx scans, which is not a practical workaround for us.
    What problems is the product solving and how is that benefiting you?
    End-to-end security scanning for source code, including SAST and SCA scanning. It also supports API security scanning, IaC file scanning, and secret detection. Seamless integration with native CI/CD tools makes it easy to integrate Checkmarx into DevSecOps pipelines.

    This reduces the Source Codes attack surface and by that we have achieved over 70%-80% of improvement in overall Code Security and our feature releases is now bullet proof from Security attacks
    Arya S.

    Comprehensive Application Security with Checkmarx

    Reviewed on Jun 17, 2026
    Review provided by G2
    What do you like best about the product?
    I like Checkmarx because it provides comprehensive application security, with accurate vulnerability detection, risk-based prioritization, and clear remediation recommendations.
    What do you dislike about the product?
    One area that could be improved is the number of false positives generated during scans, as this can add extra time to validation and triage. In addition, scans may take longer when running against large codebases.
    What problems is the product solving and how is that benefiting you?
    Checkmarx helps us address the challenge of identifying security vulnerabilities early in the software development lifecycle, before they reach production. It scans source code, open-source dependencies, APIs, and other application components to detect security risks and provide remediation guidance. For us, this reduces the likelihood of security incidents, supports compliance efforts, reinforces secure development practices, and helps development teams fix vulnerabilities faster without significantly slowing delivery timelines.
    Program Development

    Seamless Developer Workflow Integration for Real-Time Vulnerability Fixes

    Reviewed on May 31, 2026
    Review provided by G2
    What do you like best about the product?
    Checkmarx integrates directly into the developer workflow. By providing plugins for popular IDEs, CI/CD pipelines, and source code management (SCM) platforms, it allows developers to catch and fix vulnerabilities in real time without context-switching
    What do you dislike about the product?
    Running the application can strain local servers, and I note that the system requires substantial RAM and processing power to perform efficiently.
    What problems is the product solving and how is that benefiting you?
    Checkmarx solves the critical problem of vulnerabilities slipping into production code, which directly benefits me by reducing security risks and saving development time.
    Information Technology and Services

    Proactive Security and Smooth Cross-Team Collaboration

    Reviewed on May 30, 2026
    Review provided by G2
    What do you like best about the product?
    Its proactive approach to security.. I like how it enables you to collaborate with other teams.
    What do you dislike about the product?
    the only concern I had initially was the complexity the platform has a steep learning curve. and the Cost
    What problems is the product solving and how is that benefiting you?
    Protects customers data, and lowered remediation cost.
    Amshu P.

    Powerful for Security, But Needs UI Improvements

    Reviewed on May 27, 2026
    Review provided by G2
    What do you like best about the product?
    I like Checkmarx for its security testing at the application level. It's practical even though it wasn't really easy to use at first. I appreciate its security capabilities, easy navigation, and the reporting which works pretty well.
    What do you dislike about the product?
    It was really tough for me to use initially, felt kinda confusing but got used to it as I started working with it. UI could be better. Scans take a lot of time and I used to get false positives, which required so much energy ugh. I stopped using it because the cost was too high for my boss and he stopped paying for it. Tough, it took like, days for the team to properly set it up.
    What problems is the product solving and how is that benefiting you?
    Checkmarx helps with scanning code and addressing security issues, offering good security testing capabilities with easy navigation and solid reporting for our team.
    Tadele L.

    Essential for Secure Development, Accurate and Efficient

    Reviewed on May 26, 2026
    Review provided by G2
    What do you like best about the product?
    I like Checkmarx for its accurate vulnerability detection, easy CI/CD integration, and detailed remediation guidance that helps developers fix security issues quickly.
    What do you dislike about the product?
    Checkmarx could improve scan performance for large projects, reduce false positives, and provide a more user-friendly interface for easier navigation and reporting.
    What problems is the product solving and how is that benefiting you?
    Checkmarx helps us identify and fix application security vulnerabilities early in the development lifecycle, improve secure coding practices, and automate security testing within CI/CD pipelines.
    Banking

    Practical Security Testing for Development Teams

    Reviewed on May 26, 2026
    Review provided by G2
    What do you like best about the product?
    What I like most about Checkmarx is that it helps us think about security earlier in the development process instead of discovering issues later when they are more difficult to fix. It has made conversations between the security and development teams much more productive and efficient.
    What do you dislike about the product?
    One area where Checkmarx could improve is the amount of effort sometimes needed to review and prioritize findings, especially in larger projects. While the information is useful, it can take time to determine which issues should be addressed first.
    What problems is the product solving and how is that benefiting you?
    Checkmarx helps us identify security concerns while applications are still being developed, rather than finding them after deployment. This has helped our team address issues earlier, reduce rework, and build more secure applications with greater confidence.
    Navdeep_Singh

    Security scans have transformed how I detect vulnerabilities and collaborate on rapid remediation

    Reviewed on Jan 24, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Checkmarx One is mostly for scanning and vulnerability detection, and in that, I mostly use the SAST scans and access management for users and the remediation part for scans.

    A recent scenario is that Checkmarx One is integrated with the pipeline, so mostly our DevOps engineer can scan it from the pipeline, the security scan is initiated, and I get reports in Checkmarx, and I share that, and accordingly, I help developers to remediate vulnerabilities in the code. That's how I use it.

    I also manage policies that are for security scan features like implementation of security gates, according to which, the application will be blocked from pipeline production. And to reduce vulnerability, mostly, I use it.

    What is most valuable?

    The best features Checkmarx One offers, in my opinion, are that it is easy to use, and there is not much deep diving into this. Anyone can use it for scanning purposes and for security gate purposes. It is really helpful, to be honest. For me, I personally believe it is a great tool.

    The entire process in Checkmarx One is easy to understand, and although not a particular part stands out, there are no multiple features which I need to enable, or I have to deep dive into another tab or options for scanning and doing work. I can directly do this from the home page, and I can use it even for basic tasks.

    Checkmarx One has helped with efficiency and security for sure, as I am able to detect vulnerabilities on the earliest basis and help developers to remediate them. It really helps a lot at the enterprise level.

    Most probably, the most common thing that Checkmarx One does is reduce the vulnerabilities and the criticality of the vulnerabilities also. I am able to detect, and in the same way, I can collaborate with developers to remediate them on the earliest basis. That is a useful part.

    What needs improvement?

    I wish there could be some features to improve Checkmarx One, but I don't think so. It is an easy-to-use application, so I'm happy with the current features. I don't think there is anything required.

    The latest version or upgraded version of Checkmarx One is too good, and I'm satisfied.

    There are some downtimes when Checkmarx One is being upgraded to the latest version or some improvement is there. Sometimes I face issues, and I get a notification from Checkmarx. That's okay.

    For how long have I used the solution?

    I have been using Checkmarx One for the last three years for my daily work in the office, in my daily routine work.

    What do I think about the scalability of the solution?

    Checkmarx One's scalability is that I have a limited license number, and accordingly, it is able to manage most of my scans and the number of scans at the same time.

    How are customer service and support?

    Customer support for Checkmarx One is good because I had some doubts or issues, so I asked them, and I got a reply within 24 working hours. That's good, I would say.

    What other advice do I have?

    I would advise others to use Checkmarx One, as it is a good application, and for most of the work I do, I would suggest SAST scans are really helpful, and it is easy to use. I need not do much work, and it will be helpful for any organization that is using it. I'm not sure about the pricing metrics, but it is helpful. I gave this review a rating of 9.5 out of 10.