Checkmarx One 2026: Benefits, Features & Pricing

Software Advice offers objective insights based on verified user reviews and independent product and market research. When our advisors match you to a software provider, we may earn a referral fee.

How Software Advice ensures transparency

Software Advice lists all providers across its website—not just those that pay us—so that users can make informed purchase decisions. Users can talk to our advisors for free to receive software recommendations matching their needs. Software providers pay us for sponsored profiles to reach users interested in their products.

How Software Advice verifies reviews

Software Advice carefully verified over 2 million reviews to bring you authentic software experiences from real users. Our human moderators verify that reviewers are real people and that reviews are authentic. They use leading tech to analyze text quality and to detect plagiarism and generative AI.

Independent research methodology

Researchers at Software Advice use a mix of verified reviews, independent research, and objective methodologies to bring you selection and ranking information you can trust. While we may earn a referral fee when you visit a provider through our links or talk to an advisor, this has no influence on our research or methodology.

On this page

Overview
Pricing and Plans
Features
Integrations
User Reviews

Overview

Checkmarx One

3.9

(7)

Pricing

Pricing available upon request

About Checkmarx One

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:
*Static Application Security Testing (SAST)
*Software Composition Analysis (SCA)
*API security
*Dynamic Application Security Testing (DAST)
*Container security
*IaC security
*Correlation, prioritization and risk management
*Codebashing secure code training
*AI security
*Tech partnerships extending AppSec into runtime analysis
*Developer tool integrations including: CI/CD tools,
development frameworks, feedback tools, IDEs,
programming languages and SCMs

Checkmarx One helps secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving toolset, Checkmarx One helps consolidate AppSec solutions and make better sense of results.

Checkmarx One Screenshots

Checkmarx One Pricing and Plans

Starting price: Pricing available upon request

Free Trial

Free Version

Checkmarx One Features

Popular features found in Static Application Security Testing (SAST)
API
Integrated Development Environment
Real-Time Analytics
Vulnerability Scanning
More features of Checkmarx One
Access Controls/Permissions
Alerts/Notifications
Application Security
Collaboration Tools
Compliance Management
Dashboard
Data Import/Export
Debugging
For Developers
Multi-Language Scanning
Reporting/Analytics
Security Testing
Software Development
Source-Code Scanning
Third-Party Integrations

Checkmarx One Integrations

GitHub

GitLab

IntelliJ IDEA

Bitbucket

Bamboo

Checkmarx One User Reviews

Overall Rating

3.9

Ratings Breakdown

43%

29%

14%

Secondary Ratings

Ease of Use

3.7

Value for money

3.0

Customer support

4.0

Functionality

4.3

Have you used Checkmarx One and would like to share your experience with others?

Daniel B.

Verified reviewer

Hospital & Health Care

10000+ employees

Used daily for more than 2 years

Review source

Reviewed January 2023

Gives a full 360 degree view of vulnerabilities in static code

My personal overall experience with SAST is positive. I like that I can tweak queries myself and if there is something I can't do, support is just a phone call/ticket away. They respond to all inquiries very quickly.

Ratings Breakdown

Ease of use

Functionality

Pros:

The ability to use CI/CD pipelines so when the build task kicks off, scanning for static code and open source libraries is done at build time.

Cons:

The only thing I do not like is we have some languages that the product does not support like ColdFusion and R-Code.

Juan M.

Verified reviewer

Banking

1001-5000 employees

Used daily for more than 2 years

Review source

Reviewed November 2021

Checkmarx a strong and reliable competitor

It has been a good experience, the support is fast and reliable. The tool work as expected and you can use the api integration to go even further.

Ratings Breakdown

Ease of use

Value for money

Customer support

Functionality

Pros:

Easy of use, the 0 complexity it adds to configure a new project, it feels to work in a collaborative way even in an on premise environment.

Cons:

The implementation requires Windows and SQL, i would prefer that it runs on linux with postgresql. The reporting could be improved.

Reasons for choosing Checkmarx One

We needed an on premise solution (veracode is 100% Cloud), and an easy y quick way to configure projects Fortify is a little bit complex, and depend on the language to be scanned

Reasons for switching to Checkmarx One

AppScan didn't have that native integration to SecDevOps environments

Donovan G.

Verified reviewer

Financial Services

51-200 employees

Used daily for less than 12 months

Review source

Reviewed March 2022

Super expensive but also feels outdated

Overall I did not enjoy using it.

Ratings Breakdown

Ease of use

Value for money

Customer support

Functionality

Pros:

It certainly covers all the vulnerability rules you would ever need.

Cons:

It is SUPER expensive, very slow and the reporting is too messy. It would have been better if it can take a more integrated into the code approach like Sonar.

Tiennot v.

Verified reviewer

Computer & Network Security

11-50 employees

Used daily for more than 2 years

Review source

Reviewed January 2021

CxSAST - A great static software analyzer

Ratings Breakdown

Ease of use

Value for money

Customer support

Functionality

Pros:

CXSast has several very important advantages. The first is that the code is scanned before it is even compiled, this means that de developers can scan and fix while they are still in the coding process. Second CXSAST fully integrates in any devops proces. Scanning and reporting will be doen from within the screens developers work in, so no unneccesary switching between screens. (see extention CXflow) Nex to that the rules (or queries) are open, every one can see them or a organisation can tailor them to their own need. If needed a FP free setup can be created! V9.3 now enable installation of the engines on Linux, you can dockarize the stuff Last but not least CXSast can be setup with additions such as CX-SCA (opensource analysis) and CX-IAST (passive IAST scanning)

Cons:

The installation can sometimes be difficult. However Checkmarx counters this by offering free installation services for their costumers.

Shreyans M.

Verified reviewer

Banking

10000+ employees

Used weekly for more than 2 years

Review source

Reviewed November 2022

Preferred Vulnerability Management Tool

Ratings Breakdown

Ease of use

Functionality

Pros:

Can be used to analyse application, source code, byte code, and binaries for coding and design conditions.Key elements of the checkmarx dashboard can be split into two sections, namely scan, statistics and scan trends.

Cons:

Unavailable or downtime of application causes delay in deploying the code through pipeline which is integrated with Checkmarx.

👨🏼‍💻 Sarai P.

Verified reviewer

Publishing

1001-5000 employees

Used daily for less than 6 months

Review source

Reviewed April 2021

Intuitive software

Ratings Breakdown

Ease of use

Functionality

Pros:

Finding code vulnerabilities is hard. CxSAST makes it easy. Not only does it point out the vulnerability, it explains why the code is vulnerable, which is very valuable for future proofing code.

Cons:

Can sometimes include false positives. However this is mitigated by selecting “proposed not exploitable” if necessary.

Jayesh M.

Verified reviewer

Leisure, Travel & Tourism

501-1000 employees

Used monthly for less than 12 months

Review source

Reviewed August 2019

Its on OK Product

Ratings Breakdown

Ease of use

Value for money

Functionality

Pros:

We use this tool to check security vulnerabilities Option to configure multiple projects Compare the results between two scans Download the report results

Cons:

Not very User-Friendly. Takes time to run the scan Difficult to configure with development studios.

Showing 1 - 7 of 7 Reviews