CheckMarx

(17)
4.0 out of 5 stars

Identify software security vulnerabilities & fix them

CheckMarx Reviews

Showing 17 CheckMarx reviews
CheckMarx review by Hatim B.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd

A useful SAST tool to improve maturity in IT security

What do you like best?

Our choice of Checkmarx as a static code audit tool was made after long reflection. The richness in terms of languages and the customization of the presets were determinants. We were accompanied at first by a very competent editor team. Today, the use of the tool is unavoidable. We use it both as an integrated tool in our IDEs and when building in our continuous integration platform. It is also at hand for the security team to audit code delivered by an external service provider.

We also appreciate the possibility of modifying but also creating new rules to eliminate false positives.

The tool is also rich in terms of indicators and charts. It provides a dashboard that makes it easy to track application risk level scores over time and provides management with comprehensive reports. The details of the vulnerabilities detected and the description of the corrections allow the development teams to correct the vulnerabilities but also to learn about the security of the coding.

What do you dislike?

At each audit, the number of false positives is high. But this is a defect specific to SAST tools. Knowledge of the business specificities of the application is necessary to personalize the presets to eliminate false positives.

This tool is a step in the security audit process; it must be completed by DAST and IAST audits.

Recommendations to others considering the product

We highly recommend this tool. We have already recommended the tool at our group level. The cost-effectiveness ratio is interesting.

What business problems are you solving with the product? What benefits have you realized?

We use this tool in a bank-insurance information system. Business requirements are high. Checkmarx has helped us improve the maturity of our IT security in order to gain the confidence of our business.

CheckMarx review by Sahil M.
Validated Reviewer
Invitation from G2 Crowd

CheckMarx review

What do you like best?

This is an excellent tool to write secure code and follow best practices. I like that it gives a detailed overview of the issue in your static code and also provides ways to solve it. It attributes a risk profile to each issue and this way you can solve the ones with high priority first.

What do you dislike?

The document generated can sometimes be too verbose and you can lose track of what issues to solve. Sometimes even if you have solved all the issues, re-running the report does not ensure a count of zero.

Recommendations to others considering the product

This works great with Java; you should definitely include this in your technology portfolio.

What business problems are you solving with the product? What benefits have you realized?

We use this as a code quality indicator. The tool helps us write efficient and secure code; benefits include fewer bugs due to poor quality code.

CheckMarx review by Martin D.
Validated Reviewer
Invitation from G2 Crowd

Very easy to use tool for improving security

What do you like best?

The tool uses your credentials to generate a report and that report is very comprehensive, yet very easy to understand. It makes it very easy to solve potential security issues.

What do you dislike?

The report generated by CheckMarx always contains a lot of false positives or duplicated positives, making it bigger than it should be, although to be fair it would not be easy to develop a tool that analyses code so thoroughly without displaying a fair amount of duplicates.

What business problems are you solving with the product? What benefits have you realized?

Performing security reviews of my project's code. It gives the user a comprehensive look into the potential security risks and the explanation of such risks, which is helpful for people like me who are not security experts.

CheckMarx review by Administrator in Automotive
Validated Reviewer
Invitation from G2 Crowd

Great scanning tool for code

What do you like best?

We use this tool to scan our code for vulnerabilities. It is a great tool because it can be run against our code base and it lists out the vulnerabilities. This has reduced our time for manual code reviews by quite some time. Also, it helps us set code quality standards. We have implemented this as part of our software development cycle. The new developers that come on board can look at previous scans and learn our coding standards and follow that as part of our coding policy.

What do you dislike?

There can be many false positives. Since the tool is automated, it doesn't understand some of the code logic and why it was written in a certain way.

Recommendations to others considering the product

Be aware of false positives. Other than that, it's a great tool to scan your code base.

What business problems are you solving with the product? What benefits have you realized?

It helps us automate the code review process and catches code vulnerabilities. We have saved time on code reviews by running the code against this tool first.

CheckMarx review by Dev B.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd

Best software purchase we ever made.

What do you like best?

Really easy to use and the level of detail you can access is amazing.

What do you dislike?

The Cost, it is not cheap, but not good rarely is.

What business problems are you solving with the product? What benefits have you realized?

Static Code Scan for PCI

CheckMarx review by Raju K.
Validated Reviewer
Invitation from G2 Crowd

Best security tool

What do you like best?

We used the tool to find security flaws in our software. It helped us to find cross-site scripting bugs in an easy way.

What do you dislike?

When we integrate with Jenkins, the report sent by CheckMarx is not easily readable.

What business problems are you solving with the product? What benefits have you realized?

Security

Code Analysis

Cross-site scripting

SQL injections

* We monitor all CheckMarx reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.