Checkmarx One vs HCL AppScan comparison

 

Comparison Buyer's Guide

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools: 3rd
Ranking in Static Application Security Testing (SAST): 3rd
Average Rating: 7.6
Number of Reviews: 67
Ranking in other categories: Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

HCL AppScan
Ranking in Application Security Tools: 14th
Ranking in Static Application Security Testing (SAST): 11th
Average Rating: 7.8
Number of Reviews: 41
Ranking in other categories: Dynamic Application Security Testing (DAST) (1st)
 

Market share comparison

As of June 2024, in the Application Security Tools category, Checkmarx One has a market share of 13.2%, a decrease of 13.7% compared to the previous year. HCL AppScan has a market share of 3.1%, an increase of 13.7% compared to the previous year. Market share is calculated based on PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST): 10.2%
Vulnerability Management: 1.3%
Dynamic Application Security Testing (DAST): 30.0%
 

Featured Reviews

NH
Feb 9, 2024
A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly
It is very easy for the analyst to have everything in a consolidated single pane of glass. Previously, they ran multiple tools. They used one tool for source code analysis and another for static code review. Then, I manually verified each result. Since we moved to Checkmarx, it has been very easy for the analyst. The tool gives us a shareable report that can be easily shared with management once the product is done. The solution’s performance and the consolidated information it provides are valuable. The platform is completely on the cloud. There are no scalability or connectivity issues. The platform is stable. It can be accessed from anywhere. We used open-source tools before. We had to deploy the tools in the customers' environment to establish the connection between the tools and their product application. Since Checkmarx is a SaaS-based platform, we need only the forward connection from Checkmarx to the tool. The tool handles everything else. We just need a single firewall rule to be enabled on the platform to establish the connection. The deployment is very simple. We need just one rule to forward the web application to Checkmarx. The scanning engine is very good. Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%. The tool has greatly reduced the time and effort our analysts need to do their tasks. It's very useful if we need to perform a short-term project. It is greatly helpful in fixing loopholes and vulnerabilities swiftly.
PD
Jul 13, 2022
Testing solution that does not integrate with other products or offer the same modern features as other solutions on the market
This is primarily an application security testing solution. SAST is the only feature that works using the on-prem version. It's becoming very difficult for us to integrate it with the other SecOps solutions. It is a very good solution but only when using the standard version. We have experienced…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The only thing I like is that Checkmarx does not need to compile."
"The most valuable feature is the simple user interface."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The user interface is excellent. It's very user friendly."
"Vulnerability details are valuable."
"The most valuable feature for me is the Jenkins Plugin."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The UI was very intuitive."
"The solution is easy to use."
"There's extensive functionality with custom rules and a custom knowledge base."
"We use it as a security testing application."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The most valuable feature of HCL AppScan is scanning QR codes."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"Technical support is helpful."
 

Cons

"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The plugins for the development environment have room for improvement, such as for Android Studio and Xcode."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The integration could improve by including, for example, DevSecOps."
"We have received some feedback from our customers who are receiving a large number of false positives."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"They have to improve support."
"The solution could improve by having a mobile version."
"One thing which I think can be improved is the CI/CD integration."
"There is not a central management for static and dynamic."
"I would love to see more containers. Many of the tools are great, but they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The pricing has room for improvement."
"There are so many lines of code with so many different categories that I am likely to get lost."
"Sometimes it doesn't work so well."
 

Pricing and Cost Advice

"The interface used to create custom rules comes at an additional cost."
"The number of users and coverage for languages will have an impact on the cost of the license."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"It is the right price for quality delivery."
"We have purchased an annual license to use this solution. The price is reasonable."
"With the features that they offer and the support they offer, AppScan pricing is on a higher level."
"The solution is moderately priced."
"The solution is cheap."
"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"Our clients are willing to pay the extra money. It is expensive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Computer Software Company: 15%
Manufacturing Company: 9%
Insurance Company: 5%
Computer Software Company: 18%
Financial Services Firm: 15%
Government: 10%
Manufacturing Company: 9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all-in-one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its fea...
What is your primary use case for HCL AppScan?
I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulner...
 

Also Known As

No data available
IBM Security AppScan, Rational AppScan, AppScan
 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about Checkmarx One vs. HCL AppScan and other solutions. Updated: May 2024.