We performed a comparison between Checkmarx One and Cloudflare based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We use the solution for dynamic application testing."
"The most valuable feature is the application tracking reporting."
"Apart from software scanning, software composition scanning is valuable."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The SAST component was absolutely 100% stable."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The UI is good."
"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"The simplicity of the overall dashboard makes it a great product for a user like me who has less understanding of the internet than a developer or other more technical people. It gives me peace of mind. I also love the easy customization of the Page Rules."
"I rate its stability a ten out of ten."
"Cloudflare is a security SaaS provider that provides security and protects us from any application layer attack."
"The solution is very good at mitigating threats."
"The DDoS protection is the most valuable aspect of the solution."
"Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"The reports are good, but they still need to be improved considering what the UI offers."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"For the free and Pro plans, Cloudflare could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components."
"The reporting can definitely be improved to offer a lot more explanation on something that may have happened or has actually happened."
"It should be easier to collect the logs with companies like Sumo. However, based on my discussions with the salespeople, I understand that's how they make their money. With the enterprise product, they want people doing those kinds of enterprise features to do the logging. They want them to pay a lot of money, and that's where I have an issue with them. That should be a default. You should be able to get the log no matter what. The logging should be universal."
"We are a product integrator and reseller, and we would like to have a better partner relationship, similar to a channel sales relationship. Sometimes we are on our own or get diverted by Cloudflare because they have direct sales, which competes with us and makes it difficult to build a relationship with this company since we want to be an MSP or a managed service provider for the solution."
"It should confirm audit findings of the assigned area with auditees to ensure that the audit conclusions are based on an accurate understanding of the issues."
"The solution could work at being less expensive. It costs a lot to use it."
"There should be a specific price list for enterprise-level customers."
"Sometimes their more advanced caching tools can cause higher first-byte times and problems with JavaScript."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Cloudflare is ranked 1st in Distributed Denial of Service (DDOS) Protection with 57 reviews. Checkmarx One is rated 7.6, while Cloudflare is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Cloudflare writes "It's easy to set up because you point the DNS to it, and it's working in under 15 minutes". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Cloudflare is most compared with Akamai, Azure Front Door, Imperva DDoS, AWS Shield and Microsoft Azure Application Gateway. See our Checkmarx One vs. Cloudflare report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.