TrustRadius Insights for Checkmarx are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Valuable Code Scanning and Accurate Results: Many users have found Checkmarx to be a valuable tool for scanning code and providing accurate results. It allows for in-depth analysis by providing the flow of code from source to execution.
User-Friendly Interface and Intuitive Nature: The easy-to-understand interface and user-friendly nature of Checkmarx have been appreciated by reviewers. They find it very intuitive, making code review and scanning for vulnerabilities simple.
Effective Security Threat Identification: Checkmarx has received praise for its ability to scan any application and identify security threats effectively. Users appreciate its reliability in identifying all security vulnerabilities, making their code more secure.
We use Checkmarx to scan our code for security vulnerabilities during development. It helps us find and fix issues early, reducing the risk of security breaches. Our developers and security team mainly use the tool to ensure our applications are safe before release. It addresses the challenge of maintaining secure code in a fast-paced development cycle.
Pros
Detects security vulnerabilities in source code with accuracy and detail.
Integrates seamlessly with CI/CD pipelines, IDEs, and repositories.
Provides clear reports and actionable fix recommendations for developers.
Cons
Scans can be slow for large codebases, which may disrupt development workflows.
The interface can overwhelm new users, making navigation and setup challenging.
Reports occasionally flag non-issues, requiring extra time for manual validation.
Likelihood to Recommend
Checkmarx works best in organizations with secure development practices where code is regularly scanned during development. It's ideal for CI/CD pipelines, ensuring vulnerabilities are caught early. Checkmarx might not be the best for old systems that aren’t updated often, as setting it up can take time. It’s also less useful for teams that mostly use third-party libraries instead of writing their own code.
Verified User
Engineer in Information Technology (Information Technology & Services company, 1001-5000 employees)
It is used by the information security team in our company. We run various static code analysis tools on our source code and Checkmarx is one of them. What it helps us with is to generate reports that we can share with our Developers as it is comprehensive and easy to understand.
Pros
Reporting
Language support
Fix recommendations
Cons
Scan duration
False positives
Integration with other tools like Jenkins comes with some inconveniences.
Likelihood to Recommend
It is well suited in cases where you wanna share reports with people who do not have a lot of knowledge of security concepts. It would help as the report has elaborate content explaining the issues and fix recommendations. If you want a SAST tool that gives fewer false positives, there are better options compared to Checkmarx. In cases where you want to do SAST scans regularly and quickly, Checkmarx may hold you back with its high count of false positives and lengthy reports.
Verified User
Engineer in Research & Development (Public Relations & Communications company, 1001-5000 employees)