Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Best in class SAST solution in the market
What do you like best about the product?
I like the SAST-ification thing overall; it has all the offerings, ranging from source code scans to SCA to license scanning, and does a great job finding vulnerabilities. It is easy to use and visually easy to look around for the bugs. It is similarly very optimized, so that we can integrate it with CI/CD pipelines.
What do you dislike about the product?
The cost of acquiring all of the modules is pretty high.
What problems is the product solving and how is that benefiting you?
Solving major bugs right from the code by applying a shift-left approach in an easier way.
A good alternative in a fierce market
What do you like best about the product?
Integration with CI/CD is pretty featureful.
What do you dislike about the product?
High number of false positives unless you carefully tailor it to each project.
What problems is the product solving and how is that benefiting you?
Automatic CI/CD SAST testing before each new feature or release.
Good Tool with good interfaces and developer friendly environment
What do you like best about the product?
UI implementations are really good (Data Flow Matrixes).
Suggestions are provided for the most suitable place to fix a set of vulnerabilities.
Most of the integrations are working seamlessly.
What do you dislike about the product?
Support service is getting delayed sometimes
Some of the findings tend to be false positives
Scanning time is slow when compared with other tools.
Some of the IDE integrations aren't working as intended.
What problems is the product solving and how is that benefiting you?
Checkmarx provided a lot of visibility to our development cycles. It has the capability to scan the entire GitHub or scan a specific branch. Using the Checkmarx tool we were able to stop major vulnerabilities from appearing in production.
Checkmarx Review
What do you like best about the product?
The Checkmarx tool scans the code pretty well. It gives accurate results, and in-depth analysis can be done because Checkmarx provides the flow of code from the source until the values get executed.
What do you dislike about the product?
Checkmarx reports false positive issues a lot. If it's a big application code base, it's tough to control the number of false positive issues to analyse. Reporting can also be improved.
What problems is the product solving and how is that benefiting you?
The Checkmarx tool has library scanning as well. It gives accurate results in reporting vulnerable libraries. Accuracy has been spot on when it comes to reporting library issues.
Best tool for Source code scanning
What do you like best about the product?
The most valuable features are the easy-to-understand interface, and it's very user-friendly. Reduce the code using the cxsast plugin. It will scan code line by line and find most of the vulnerabilities. Very easy to use. The vulnerability report is awesome.
What do you dislike about the product?
The UI should be updated. Reduce the false positives. Please upgrade the rule set to avoid false positives.
What problems is the product solving and how is that benefiting you?
It will find vulnerabilities like SQL injection, cross-site scripting, command injection, XXE, etc. Scan speed is very good. We can review the issues easily.
To find any security vulnerabilities Checkmarx is an awesome tool
What do you like best about the product?
Easy to scan any application to find any security threats
What do you dislike about the product?
Even after marking false positives, it sometimes still shows the same issue as a high or critical security issue.
What problems is the product solving and how is that benefiting you?
Security vulnerability scanning for applications. Yes, it helps us stay updated with JARs, helping to escape being hacked.
Be a step ahead by identifying vulnerability using checkmarx to
What do you like best about the product?
It identifies all the security vulnerabilities, making your code more secure than ever before. It also categorises the vulnerabilities into different categories based on the risk associated. It can be easily integrated with your CI pipeline to have your code scanned with every build.
What do you dislike about the product?
We could have a better and more user-friendly UI to go through the report.
What problems is the product solving and how is that benefiting you?
Identifying the vulnerability before the code goes into production, so that all the risks can be mitigated and we don't have to worry about it once the code goes live.
Checkmarx : Enable SAST for CI/CD Effortlessly
What do you like best about the product?
The best features of Checkmarx are:
1) Open Source vulnerability scanner
2) Integration with multiple CI/CD orchestration tools
3) Real-time reporting of static code vulnerabilities
What do you dislike about the product?
I feel the Jenkins code snippet of Checkmarx is a bit complex, and it could be a lot simpler.
What problems is the product solving and how is that benefiting you?
We have enabled SAST in our CI/CD pipelines using Checkmarx. It saves a lot of time as the integration of Checkmarx with our CI/CD orchestration tool achieves maximum automation and reduces the time significantly.
Impressed with the Codebashing platform and AppSec awareness
What do you like best about the product?
Checkmarx has an impressive Codebashing feature that has the edge over SonarQube. The application tracking-reporting feature is good too. I like the "delta-scan" feature as it is really good for cases when there are very frequent scans needed (e.g. with every major code commit, we don't want the entire source code scan to happen again). Having used both tools extensively (SonarQube and Checkmarx), I prefer Checkmarx overall. Checkmarx also fares better compared to peers when it comes to finding any vulnerabilities within the database. Since ours is a user-information-driven application, it becomes even more imminent to identify the data-specific vulnerabilities at the earliest.
What do you dislike about the product?
Dashboarding could be better. The UI to show the current issue and the descriptive/suggestive text for the potential fix could be more "obvious" to the end-users. SonarQube scores over Checkmarx in this regard.
Also, dashboarding could provide a little more flexibility towards the creation of new widgets.
One more thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales reps were pretty quick to respond, though).
What problems is the product solving and how is that benefiting you?
Static code analysis helps identify AppSec related issues at the earliest. Also, integration with the CICD pipeline ensures quality gating.
Ours is new product development in the earlier stages, and Checkmarx is truly helping us by providing the developers an early insight into what could be done "right" from the beginning and instilling a culture of finding issues at the earlier stage of development.
Recommendations to others considering the product:
Check your organization's needs. Checkmarx is comparatively expensive, and there is no free edition to try out first, as far as I know.
An efficient application to check vulnerability in the software
What do you like best about the product?
CheckMarx has been used as an application to scan the applications to rectify vulnerabilities in the code and to check the security lapses. I have been using CheckMarx to check the same in my .NET application and have found CheckMarx to be of great use. I would like to mention a few good things about it.
1.) It has support for many languages. In my case it can find the lapses in C#, JavaScript, jQuery, TypeScript.
2.) The description is quite clear about the issues, which makes it easier to understand the problem statement behind the security lapse.
3.) The online community present for CheckMarx is quite good, which makes it easier to find the resolution.
What do you dislike about the product?
Even though CheckMarx is quite helpful to check the security threats in the application code, there are a few things which can be improved by the CheckMarx team to make it more useful and efficient.
1.) There are many false positives, which increase a lot of issues, which in turn are required to be marked as non-exploitable.
2.) Per-user cost of the CheckMarx subscription is high, which makes it difficult for a small organisation to own it completely.
What problems is the product solving and how is that benefiting you?
I have been using CheckMarx in my organisation to find the code-related issues in the .NET application. This has helped in a great way to remediate the security lapses and refactor the code to make it more efficient.
Recommendations to others considering the product:
Use it to refactor the code of your application and remediate the security lapses.