# Checkmarx One Reviews 2026. Verified Reviews, Pros & Cons | Capterra

> Is Checkmarx One the right Static Application Security Testing (SAST) solution for you? Explore 7 verified user reviews from people in industries like yours to make a confident choice.

Source: https://www.capterra.com/p/10021366/Checkmarx-One/reviews

---

Checkmarx One

3.9 (7)

Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/)

* * *

Last updated March 13th, 2026

# Reviews of Checkmarx One

Ease of use

3.7

Customer Service

4.0

## Showing most helpful reviews

Showing 1-7 of 7 Reviews

Sort by:

Most Helpful

Rating

Company Size

Reviewer's Role

Length of Use

Frequency of Use

Daniel B.  
Manager of Static Code Analysis  
Hospital & Health Care  
Used the software for: 2+ years

### "Gives a full 360 degree view of vulnerabilities in static code"

January 22, 2023

5.0

My personal overall experience with SAST is positive. I like that I can tweak queries myself and if there is something I can't do, support is just a phone call/ticket away. They respond to all inquiries very quickly.

Pros

The ability to use CI/CD pipelines so when the build task kicks off, scanning for static code and open source libraries is done at build time.

Cons

The only thing I do not like is we have some languages that the product does not support like ColdFusion and R-Code.

Alternatives considered

[Veracode](https://www.capterra.com/p/227778/Veracode/)

Review Source

JM

Juan M.  
Application Security Manager  
Banking  
Used the software for: 2+ years

### "Checkmarx a strong and reliable competitor "

November 18, 2021

4.0

It has been a good experience, the support is fast and reliable. The tool work as expected and you can use the api integration to go even further.

Pros

Easy of use, the 0 complexity it adds to configure a new project, it feels to work in a collaborative way even in an on premise environment.

Cons

The implementation requires Windows and SQL, i would prefer that it runs on linux with postgresql. The reporting could be improved.

Reason for choosing Checkmarx One

We needed an on premise solution (veracode is 100% Cloud), and an easy y quick way to configure projects Fortify is a little bit complex, and depend on the language to be scanned

Review Source

DG

Donovan G.  
Head of QA  
Financial Services  
Used the software for: 6-12 months

### "Super expensive but also feels outdated"

March 25, 2022

1.0

Overall I did not enjoy using it.

Pros

It certainly covers all the vulnerability rules you would ever need.

Cons

It is SUPER expensive, very slow and the reporting is too messy. It would have been better if it can take a more integrated into the code approach like Sonar.

Review Source

TV

Tiennot V.  
CTO  
Computer & Network Security  
Used the software for: 2+ years

### "CxSAST - A great static software analyzer"

January 15, 2021

5.0

Pros

CXSast has several very important advantages. The first is that the code is scanned before it is even compiled, this means that de developers can scan and fix while they are still in the coding process. Second CXSAST fully integrates in any devops proces. Scanning and reporting will be doen from within the screens developers work in, so no unneccesary switching between screens. (see extention CXflow) Nex to that the rules (or queries) are open, every one can see them or a organisation can tailor them to their own need. If needed a FP free setup can be created! V9.3 now enable installation of the engines on Linux, you can dockarize the stuff Last but not least CXSast can be setup with additions such as CX-SCA (opensource analysis) and CX-IAST (passive IAST scanning)

Cons

The installation can sometimes be difficult. However Checkmarx counters this by offering free installation services for their costumers.

Review Source

Shreyans M.  
Team Leader  
Banking  
Used the software for: 2+ years

### "Preferred Vulnerability Management Tool"

November 12, 2022

4.0

Pros

Can be used to analyse application, source code, byte code, and binaries for coding and design conditions.Key elements of the checkmarx dashboard can be split into two sections, namely scan, statistics and scan trends.

Cons

Unavailable or downtime of application causes delay in deploying the code through pipeline which is integrated with Checkmarx.

Review Source

👨🏼‍💻 Sarai P.  
Web developer  
Publishing  
Used the software for: Less than 6 months

### "Intuitive software "

April 26, 2021

5.0

Pros

Finding code vulnerabilities is hard. CxSAST makes it easy. Not only does it point out the vulnerability, it explains why the code is vulnerable, which is very valuable for future proofing code.

Cons

Can sometimes include false positives. However this is mitigated by selecting “proposed not exploitable” if necessary.

Review Source

JM

Jayesh M.  
Web Developer  
Leisure, Travel & Tourism  
Used the software for: 6-12 months

### "Its on OK Product"

August 19, 2019

3.0

Pros

We use this tool to check security vulnerabilities Option to configure multiple projects Compare the results between two scans Download the report results

Cons

Not very User-Friendly. Takes time to run the scan Difficult to configure with development studios.

Review Source

Similar Products

Featured