We performed a comparison between CAST Highlight and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"The most valuable features of CAST Highlight are automation and speed."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"Vulnerability details is valuable."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The report function is the solution's greatest asset."
"It is a stable product."
"From my point of view, it is the best product on the market."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"There's a bit of a learning curve at the outset."
"The ease of configuration and customization could be improved in CAST Highlight."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"The validation process needs to be sped up."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The solution's user interface could be improved because it seems outdated."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"Checkmarx could improve by reducing the price."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
CAST Highlight is ranked 13th in Software Composition Analysis (SCA) with 5 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. CAST Highlight is rated 7.8, while Checkmarx One is rated 7.6. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and Sonatype Lifecycle, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity. See our CAST Highlight vs. Checkmarx One report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
