We performed a comparison between Checkmarx One and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Both automatic and manual code review (CxQL) are valuable."
"Less false positive errors as compared to any other solution."
"The setup is fairly easy. We didn't struggle with the process at all."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The report function is the solution's greatest asset."
"The most valuable feature is the simple user interface."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The most effective feature of the product is the ability to scan the entire environment."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"The initial setup is straightforward."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"It is fully automated."
"The solution is stable."
"We can get detailed information about vulnerabilities."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"The pricing can get a bit expensive, depending on the company's size."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx could improve the REST APIs by including automation."
"Meta data is always needed."
"Checkmarx could be improved with more integration with third-party software."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"We have received some feedback from our customers who are receiving a large number of false positives."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"It isn't easy to manage vulnerabilities in Tenable."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The dashboard could be more user-friendly."
"The report customization needs to be better."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. Checkmarx One is rated 7.6, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and SonarQube. See our Checkmarx One vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.