We performed a comparison between Checkmarx One and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is scalable, but other solutions are better."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The only thing I like is that Checkmarx does not need to compile."
"Both automatic and manual code review (CxQL) are valuable."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The user interface is excellent. It's very user friendly."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The reporting part is the most valuable feature."
"This is a stable solution."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The solution offers services in a few specific development languages."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The product has valuable features for static and dynamic testing."
"We use it as a security testing application."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"Its user interface could be improved and made more friendly."
"The reports are good, but they still need to be improved considering what the UI offers."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Many silly false positives are produced."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"There is not a central management for static and dynamic."
"The pricing has room for improvement."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"The product has some technical limitations."
"HCL AppScan needs to improve security."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. Checkmarx One is rated 7.6, while HCL AppScan is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Sonatype Lifecycle, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Checkmarx One vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.