We performed a comparison between Checkmarx One and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Apart from software scanning, software composition scanning is valuable."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Less false positive errors as compared to any other solution."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"We use the solution for dynamic application testing."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"They have a feature where they can record traffic and create tests on the report traffic."
"Every imaginable source in the entire world of information technology can be accessed and used."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Since the solution has both command line and automation options, it generates good reports."
"We have seen a return on investment."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx needs to be more scalable for large enterprise companies."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Updating and debugging of queries is not very convenient."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"Tuning the tool takes time because it gives quite a long list of warnings."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"Reporting facilities can be better."
"From an automation point of view, it should have better clarity and be more user friendly."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The product is very slow to start up, and that is a bit of a problem, actually."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews. Checkmarx One is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork. See our Checkmarx One vs. Parasoft SOAtest report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
