We performed a comparison between Checkmarx One and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"We use the solution to validate the source code and do SAST and security analysis."
"The solution communicates where to fix the issue for the purpose of fewer iterations."
"The UI is very intuitive and simple to use."
"The UI is user-friendly."
"From my point of view, it is the best product on the market."
"The value you can get out of the speedy production may be worth the price tag."
"They offer free access to some other tools."
"The scalability of this product is very good."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The product discovers more vulnerabilities compared to other tools."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"The solution is good at reporting the vulnerabilities of the application."
"You can run it against multiple targets."
"Checkmarx could improve the REST APIs by including automation."
"If it is a very large code base then we have a problem where we cannot scan it."
"Implementing a blackout time for any user or teams: Needs improvement."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Checkmarx could improve the speed of the scans."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"There are too many false positives."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"OWASP Zap needs to extend to mobile application testing."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"The forced browse has been incorporated into the program and it is resource-intensive."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Checkmarx One is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify Application Defender, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify WebInspect.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.