Sign in
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Checkmarx One

Checkmarx | 1

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

35 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Retail

Brilliant Code to Cloud Application

  • December 16, 2024
  • Review verified by G2

What do you like best about the product?
Is so user friendly and it is very easy to become familiar with all the numerous features. Although I wasn't around for the implementation, I've found that it is relatively straightforward to integrate further functionality. The Scanning tools (IaC, SAST, SCA, API etc.) are all excellent and provide us with all the staus and visibility that we require. If we ever have issues that can't be resolved the Customer Support team at Checkmarx always are there to help us out.
What do you dislike about the product?
The dahsboards layour and display could be improved.
What problems is the product solving and how is that benefiting you?
Checkmarx is being used mainly for the scanning and checking of code before it makes the journey to the Cloud (AWS). We are using it to look at all the languages and frameworks that we have in our Tech/Data Stack that are incorporated into our IT Landscape. One of the main benefits is that it allows our developers to identify, detect and remediate vulnerabilities at source. It also allows them to edit queries easily and quickly.


    Abhineet S.

Best in class SAST solution in the market

  • January 13, 2024
  • Review provided by G2

What do you like best about the product?
I like the SAST-ification thing in overall, it is having all offering varies from source code scans to sca, to license scanning and does a great job finding vulnerabilities. It is easy to use and visually easy to look around for the bugs. Similarly very optimized so that we can integrate with the CI/CD pipelines
What do you dislike about the product?
The cost acquiring in all of the modules is pretty high.
What problems is the product solving and how is that benefiting you?
Solving major bugs right from the code by applying shift left approach in an easier way.


    Computer & Network Security

A good alternative in a fierceful market

  • November 02, 2023
  • Review provided by G2

What do you like best about the product?
Integration with CI/CD is pretty fetatureful.
What do you dislike about the product?
High number of false positives unless you carefully tailor it to each project.
What problems is the product solving and how is that benefiting you?
Automatic CI/CD SAST testing before each new feature or release.


    Tharindu M.

Good Tool with good interfaces and edveloper friendly environment

  • August 10, 2023
  • Review provided by G2

What do you like best about the product?
UI implementations are really good (Data Flow Matrixes)
suggestions are provided for the most suitable place to fix a set of vulnerabilities.
Most of the integrations are working seamlessly
What do you dislike about the product?
Support service is getting delayed sometimes
Some of the findings tend to be false positives
Scanning time is slow when compared with other tools.
Some of the IDE integrations aren't working as intended.
What problems is the product solving and how is that benefiting you?
Checkmarks provided a lot of visibility to our development cycles. It has the capability to scan the entire GitHub or scan a specific branch. Using the Checkmarks tool we were able to stop major vulnerabilities appears in production.


    sanjay s.

Checkmarx Review

  • July 22, 2022
  • Review provided by G2

What do you like best about the product?
Checkmarx Tool Scans the code pretty well. Gives accurate results in-depth analysis can be done because checkmarx provides Flow of code from source till the values getting executed
What do you dislike about the product?
Checkmarx reports false positives issues a lot. If it's a big application code base it's tough to control the number of false positive issues to analyse.Reporting can also be improved
What problems is the product solving and how is that benefiting you?
Checkmarx tool has Library scanning as well. It gives accurate results in reporting Vulnerable libraries. Accuracy has been spot on when it comes to reporting Library issues


    Pankaj W.

Best tool for Source code scanning

  • April 19, 2022
  • Review provided by G2

What do you like best about the product?
The most valuable features are the easy to understand interface, and it 's very user-friendly. Reduce the code using cxsast plugin. It will scan code line by line and find most of vulnerabilities. Very easy to use. Vulnerability report is awesome.
What do you dislike about the product?
UI should update. Reduce the false positive. Please upgrade rules set to avoid the false positive.
What problems is the product solving and how is that benefiting you?
It will find the vulnerabilities like SQL injection, cross site scripting, command injection, Xxe etc vulnerabilities. Scan speed is very good. We can review the issue easily.


    Higher Education

To find any security vulnerabilities Checkmarx is a awesome tool

  • February 10, 2022
  • Review provided by G2

What do you like best about the product?
Easy to scan any application to find any security threats
What do you dislike about the product?
After marking false positives still, sometimes it shows the same issue as a security issue as high or critical.
What problems is the product solving and how is that benefiting you?
Security vulnerabilities scan for application. Yes, it helps be updated with Jars helping to escape being hacked.


    Investment Banking

Be a step ahead by identifying vulnerability using checkmarx to

  • October 19, 2021
  • Review provided by G2

What do you like best about the product?
It identifies all the security vulnerabilities making your code secure than ever before. It also categorises the vulnerability into different categories based on the risk associated. Can be easily integrated with your CI pipeline to have you code scan with every build
What do you dislike about the product?
We can have a more better and user friendly UI to go through the report.
What problems is the product solving and how is that benefiting you?
Identifying the vulnerability before the code goes into production so that all the risks can be mitigated and we don't have to worry about it once code gets live


    Banking

Checkmarx : Enable SAST for CI/CD Effortlessly

  • September 23, 2021
  • Review provided by G2

What do you like best about the product?
The best features of Checkmarx are:
1) Open Source vulnerability scanner
2) Integration with multiple Ci/CD orchestration tools
3) Real-time reporting of static code vulnerabilities
What do you dislike about the product?
I feel the Jenkins code snippet of Checkmarx is a bit complex, and it could be a lot simpler.
What problems is the product solving and how is that benefiting you?
We have enabled SAST in our CI/CD pipelines using Checkmarx. It saves a lot of time as the integration of Checkmarx with our CI/CD orchestration tool achieves maximum automation and reduces the time significantly.


    Sujeet S.

Impressed with the Codebashing platform and AppSec awareness

  • June 25, 2021
  • Review verified by G2

What do you like best about the product?
Checkmarx has an impressive Codebashing feature that has the edge over SonarQube. The application tracking-reporting feature is good too. I like the "delta-scan" feature as it is really good for cases when there are very frequent scans needed (e.g. with every major code commit, we don't want the entire source code scan to happen again). Having used both tools extensively (SonarQube and Checkmarx), I prefer Checkmarx overall. Checkmarx also fares better compared to peers when it comes to finding any vulnerabilities within the database. Since ours is a user-information driven applicaiton, it becomes even more imminent to identify the data-specfic vulnerabilities at the earliest.
What do you dislike about the product?
Dashboarding could be better. The UI to show the current issue and the descriptive/suggestive text for the potential fix could be more "obvious" to the end-users. SonarQube scores over checkmarx in this regard.
Also, dashboarding could provide a little more flexibility towards the creation of new widgets.
One ore thing that I disliked about Checkmarx is that I could not find a free version in the market. Even for making an initial comparison, I had to contact the sales rep (the sales rep were pretty quick to respond, though).
What problems is the product solving and how is that benefiting you?
Static code analysis helps identify AppSec related issues at the earliest. Also, integration with the CICD pipeline ensures quality gating.
Ours is new product development in the earlier stages, and checkmarx is truly helping us by providing the developers and early insight into what could be done "right" from the beginning and instill a culture of finding issues at the earlier stage of development.
Recommendations to others considering the product:
Check your organization's needs. Checkmarx is comparitively expensive, and there is no free edition to try out first, as far as I know.