Checkmarx One vs Synopsys Code Dx comparison

Checkmarx One
Read 67 Checkmarx One reviews
  • 31,565 Views
  • 20,243 Comparison Views
86% willing to recommend
Synopsys Code Dx
Read 1 Synopsys Code Dx review
  • 534 Views
  • 444 Comparison Views
0% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and Synopsys Code Dx based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: June 2024).
Buyer's Guide
Static Application Security Testing (SAST)
June 2024
Download the complete report
Helped 787,061 peers since 2012
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Number of Reviews
67
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Synopsys Code Dx
Ranking in Static Application Security Testing (SAST)
32nd
Average Rating
0.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Market share comparison

As of June 2024, in the Static Application Security Testing (SAST) category, the market share of Checkmarx One is 10.2% and it decreased by 20.5% compared to the previous year. The market share of Synopsys Code Dx is 0.5% and it increased by 79.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
Unique Categories:
Application Security Tools
13.2%
Vulnerability Management
1.3%
No other categories found
 

Featured Reviews

NH
Feb 9, 2024
A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly
It is very easy for the analyst to have everything in a consolidated single pane of glass. Previously, they ran multiple tools. They used one tool for source code analysis and another for static code review. Then, I manually verified each result. Since we moved to Checkmarx, it has been very easy for the analyst. The tool gives us a shareable report that can be easily shared with management once the product is done. The solution’s performance and the consolidated information it provides are valuable. The platform is completely on the cloud. There are no scalability or connectivity issues. The platform is stable. It can be accessed from anywhere. We used open-source tools before. We had to deploy the tools in the customers' environment to establish the connection between the tools and their product application. Since Checkmarx is a SaaS-based platform, we need only the forward connection from Checkmarx to the tool. The tool handles everything else. We just need a single firewall rule to be enabled on the platform to establish the connection. The deployment is very simple. We need just one rule to forward the web application to Checkmarx. The scanning engine is very good. Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%. The tool has greatly reduced the time and effort our analysts need to do their tasks. It's very useful if we need to perform a short-term project. It is greatly helpful in fixing loopholes and vulnerabilities swiftly.
Read full review
Saravanan_Radhakrishnan - PeerSpot reviewer
Sep 27, 2023
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution.  Synopsys…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Vulnerability details is valuable."
"Apart from software scanning, software composition scanning is valuable."
More Checkmarx One pros
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"It is an expensive solution."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Implementing a blackout time for any user or teams: Needs improvement."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
More Checkmarx One cons
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

"It's relatively expensive."
"It is the right price for quality delivery."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The solution is costly."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
More Checkmarx One pricing and cost advice
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
5%
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
12%
Insurance Company
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.
See all answers
What do you like most about Synopsys Code Dx?
The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...
See all answers
What is your experience regarding pricing and costs for Synopsys Code Dx?
I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...
See all answers
What needs improvement with Synopsys Code Dx?
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer migh...
See all answers
 

Comparisons

SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 52% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 6% of the time
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Compared 4% of the time
Coverity vs Checkmarx One Logo
Coverity vs Checkmarx One
Compared 3% of the time
More Checkmarx One Competitors
Veracode vs Synopsys Code Dx Logo
Veracode vs Synopsys Code Dx
Compared 59% of the time
Coverity vs Synopsys Code Dx Logo
Coverity vs Synopsys Code Dx
Compared 11% of the time
SonarQube vs Synopsys Code Dx Logo
SonarQube vs Synopsys Code Dx
Compared 9% of the time
More Synopsys Code Dx Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
June 2024
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Static Application Security Testing (SAST)
June 2024
Synopsys Code Dx reportDownload Synopsys Code Dx product report
 

Learn More

Checkmarx
Video not available
Synopsys
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Code Dx by Synopsys works with Intelligent Orchestration to give organizations the ability to: Execute tests and automatically run AppSec tools. Correlate results from multiple tools, combining security issues found by 75+ tools. Prioritize security issues, filtering out noise using machine learning.

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Buyer's Guide
Static Application Security Testing (SAST)
June 2024
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: June 2024.
DOWNLOAD NOW
787,061 professionals have used our research since 2012.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.