Checkmarx One

Checkmarx One excels in comprehensive application security testing.

Basic Information

  • Model: Checkmarx One is a unified, cloud-native application security platform. It is not a single model but a suite of integrated services.
  • Version: The platform is updated continuously. At the time of writing the multi-tenant release is 3.47 and the single-tenant release is 3.46.
  • Release Date: Version 3.0 was released on October 11, 2023. The platform itself has evolved over time with continuous releases.
  • Minimum Requirements: As a cloud-native SaaS platform it places minimal hardware requirements on end users. Client-side components (IDE plugins, the CLI, CI/CD integrations) run on a standard development workstation or CI runner. Outbound HTTPS connectivity to the Checkmarx One tenant is required.
  • Supported Operating Systems: The platform is cloud-agnostic. Client-side integrations support various operating systems where popular IDEs and CI/CD tools operate.
  • Latest Stable Version: Current multi-tenant version is 3.47. Current single-tenant version is 3.46.
  • End of Support Date: Not publicly disclosed for this continuously updated SaaS platform. Support is ongoing with active subscriptions.
  • End of Life Date: Not publicly disclosed for this continuously updated SaaS platform.
  • Auto-update Expiration Date: Not applicable; as a SaaS platform, updates are continuous and managed by Checkmarx.
  • License Type: Licensing is typically based on "Contributing Developers" and "Concurrent Scans." A Contributing Developer is anyone who has committed to a scanned private repository within the last 90 days; Concurrent Scans caps the number of scans running in parallel. Packages bundle the two at fixed ratios: "Start for SAST" includes 1 Concurrent Scan per 20 Contributing Developer licenses, other packages 1:1. Repository-based licensing is also offered, at 1 Contributing Developer per 3 unique repositories.
  • Deployment Model: Cloud-native, delivered as a Software-as-a-Service (SaaS) platform. It is available on cloud marketplaces like AWS.

Technical Requirements

  • RAM: Not directly specified for the cloud platform. Client-side IDE plugins and CLI tools require typical memory for development environments.
  • Processor: Not directly specified for the cloud platform. Client-side tools run on standard developer workstation processors.
  • Storage: Not directly specified for the cloud platform. Data is stored in the cloud, with daily backups and encrypted storage. Client-side tools require minimal local storage.
  • Display: Standard display resolution for development environments and web interfaces.
  • Ports: Outbound TCP 443 (HTTPS) from developer workstations and CI runners to the Checkmarx One tenant. TCP 80 is also listed; where egress is filtered, allow 443 and verify whether 80 is needed at all, since platform traffic is TLS-encrypted (see Security Status).
  • Operating System: The platform is cloud-based. Client-side integrations (IDEs, CI/CD tools) are compatible with common developer operating systems.

Analysis of Technical Requirements: Checkmarx One operates as a cloud-native platform, meaning the bulk of its computational and storage requirements are managed by Checkmarx's cloud infrastructure (e.g., AWS). End-user technical requirements primarily revolve around network connectivity and the specifications needed to run modern development tools (IDEs, CI/CD pipelines) that integrate with Checkmarx One. The platform leverages APIs and web services for integration, making standard internet access and common development environment setups sufficient for client-side operations. This model minimizes the on-premises hardware burden for enterprises.

Support & Compatibility

  • Latest Version: Current multi-tenant version 3.47. Current single-tenant version 3.46.
  • OS Support: The cloud platform is OS-agnostic. It supports a wide range of programming languages (25+) and frameworks for scanning. Client-side integrations are compatible with operating systems that host popular IDEs and CI/CD tools.
  • End of Support Date: Not publicly disclosed; support is continuous as part of the SaaS offering.
  • Localization: Not documented in publicly available material.
  • Available Drivers: Not applicable. Checkmarx One integrates via APIs, CLI tools, and dedicated plugins for various IDEs (e.g., VS Code, Cursor, Windsurf) and CI/CD platforms (e.g., Jenkins, GitHub Actions, Azure DevOps).

Analysis of Overall Support & Compatibility Status: Checkmarx One demonstrates strong support and compatibility, particularly within the developer ecosystem. Its cloud-native architecture ensures broad OS compatibility for the core service, while its extensive array of integrations (IDEs, SCMs, CI/CD tools) allows seamless embedding into existing development workflows. The platform supports a wide range of programming languages and frameworks, catering to diverse enterprise needs. Continuous updates inherent to its SaaS model ensure ongoing compatibility and feature enhancements. User feedback often highlights strong support experience and ease of integration.

Security Status

  • Security Features: Checkmarx One offers a comprehensive suite of application security testing (AST) tools including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), API Security, Infrastructure as Code (IaC) Security, Container Security, Secrets Detection, and Supply Chain Security. It also includes AI Security features, AppSec Posture Management (ASPM), and real-time prevention and remediation guidance.
  • Known Vulnerabilities: No vulnerabilities in the Checkmarx One platform itself were publicly documented at the time of writing. As vendor-operated SaaS, the platform is patched by Checkmarx; the client-side components a customer installs (CLI, IDE plugins, CI/CD integrations) remain the customer's responsibility to keep current.
  • Blacklist Status: Not applicable.
  • Certifications: ACN Level 2 (Agenzia per la Cybersicurezza Nazionale, Italy's National Cybersecurity Agency) and annual SOC 2 Type II audits. Separately, as market recognition rather than a certification, Checkmarx is consistently named a Leader in Application Security Testing by Gartner.
  • Encryption Support: Customer data is encrypted at rest with AES-256 and in transit with TLS 1.2 over HTTPS.
  • Authentication Methods: Time-based One-Time Passwords (TOTP) for interactive login; OAuth clients or API keys for CLI, IDE plugin and CI/CD integrations. API keys are long-lived bearer credentials: keep them in the CI system's secret store rather than in the repository or pipeline definition, and rotate them on a schedule and whenever a pipeline may have been compromised.
  • General Recommendations: Checkmarx One is designed for integration into DevSecOps workflows, providing unified visibility and AI-powered remediation to secure applications from code to cloud. It emphasizes "shift-left" security by enabling early vulnerability detection.

Analysis on Overall Security Rating: Checkmarx One exhibits a high overall security rating. Its comprehensive suite of security features covers a broad spectrum of application security needs, from static and dynamic code analysis to supply chain and secrets detection. Strong encryption for data at rest and in transit, coupled with robust authentication methods like TOTP, OAuth, and API keys, secures the platform itself. Multiple certifications, including ACN Level 2 and annual SOC 2 Type II audits, underscore its commitment to security and compliance. The platform's focus on integrating security early in the development lifecycle (shift-left) and leveraging AI for threat prevention and remediation further enhances its security posture.

Performance & Benchmarks

  • Benchmark Scores: Specific numerical benchmark scores are not publicly available.
  • Real-world Performance Metrics: Users report that Checkmarx One handles hundreds of scans per day without significant maintenance. Checkmarx markets a figure of vulnerabilities found 73% earlier than some competitors, attributed to scanning at the keystroke in the IDE rather than after a commit; treat this as a vendor claim rather than an independent benchmark. Some users report slow scan times and high memory usage.
  • Power Consumption: Not directly applicable to end-users as it is a cloud-native service. Power consumption is managed by the underlying cloud provider.
  • Carbon Footprint: Not directly applicable to end-users as it is a cloud-native service. Carbon footprint is managed by the underlying cloud provider.
  • Comparison with Similar Assets: Checkmarx One is frequently compared to competitors such as SonarQube, Wiz, Veracode, GitLab, and Coverity. It excels in comprehensive application security testing, robust code analysis, and integration capabilities. While SonarQube focuses on code quality, Checkmarx One prioritizes early vulnerability detection. It is noted for its flexibility, language support, and intuitive deployment.

Analysis of the Overall Performance Status: Checkmarx One's performance is characterized by its ability to conduct extensive application security testing across the SDLC. While it offers significant advantages in early vulnerability detection and comprehensive code analysis, some users experience challenges with scan speed and resource utilization. Its "shift-left" approach, enabling detection at the keystroke, positions it favorably against tools that scan post-commit. The platform's scalability allows it to manage a high volume of daily scans for large enterprises. Performance considerations often involve balancing scan thoroughness with speed, and managing false positives to optimize developer workflow.
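The trade-off above (scan thoroughness versus false positives blocking developers) is usually settled in the CI gate rather than in the scanner. As an added example, not code from Checkmarx or from the original page, the script below turns a results report into a merge gate that blocks only on unresolved findings at or above a per-engine severity floor, lets findings a reviewer has triaged as not exploitable through, and, for engines configured with new_only, reports pre-existing debt without blocking. The report layout, field names, engine names and triage states are assumptions modelled on the JSON report the cx CLI can export; check them against an export from your own tenant before relying on this. The sample report is constructed for the example.

```python
"""CI merge gate over a Checkmarx One-style JSON results report.
Added example, not Checkmarx code. The report shape is an ASSUMPTION modelled
on the cx CLI's JSON export; verify field names against a real export."""
import json
import sys
from dataclasses import dataclass, field

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFO": 0}
# Triage states meaning a human already judged the finding a false positive.
RESOLVED_STATES = {"NOT_EXPLOITABLE", "PROPOSED_NOT_EXPLOITABLE"}

# Per-engine policy (assumed): block at/above min_severity; new_only means
# findings already present on the base branch are tracked, not blocking.
POLICY = {
    "sast": {"min_severity": "HIGH", "new_only": True},
    "sca": {"min_severity": "HIGH", "new_only": False},
    "kics": {"min_severity": "MEDIUM", "new_only": True},
}

# Constructed sample report (not real scan output).
SAMPLE_REPORT = json.dumps({
    "scanID": "11111111-2222-3333-4444-555555555555",
    "results": [
        {"type": "sast", "severity": "HIGH", "state": "TO_VERIFY", "status": "NEW",
         "data": {"queryName": "SQL_Injection", "languageName": "Java"},
         "vulnerabilityDetails": {"cweId": 89}},
        {"type": "sast", "severity": "HIGH", "state": "NOT_EXPLOITABLE", "status": "RECURRENT",
         "data": {"queryName": "Reflected_XSS_All_Clients", "languageName": "Java"},
         "vulnerabilityDetails": {"cweId": 79}},
        {"type": "sca", "severity": "HIGH", "state": "TO_VERIFY", "status": "RECURRENT",
         "data": {"packageIdentifier": "log4j-core-2.14.1"},
         "vulnerabilityDetails": {"cweId": 502}},
        {"type": "sca", "severity": "MEDIUM", "state": "TO_VERIFY", "status": "NEW",
         "data": {"packageIdentifier": "lodash-4.17.15"},
         "vulnerabilityDetails": {"cweId": 1321}},
        {"type": "kics", "severity": "MEDIUM", "state": "TO_VERIFY", "status": "RECURRENT",
         "data": {"queryName": "S3 Bucket Without Versioning"},
         "vulnerabilityDetails": {"cweId": 0}},
    ],
})


@dataclass
class GateResult:
    blocking: list = field(default_factory=list)
    waived: int = 0    # resolved by triage, never blocks
    tracked: int = 0   # pre-existing, below threshold, or unknown engine

    @property
    def passed(self):
        return not self.blocking


def parse_report(text):
    return json.loads(text)


def describe(r):
    data = r.get("data", {})
    name = data.get("queryName") or data.get("packageIdentifier") or "?"
    cwe = r.get("vulnerabilityDetails", {}).get("cweId")
    return f'{r["type"]}:{r["severity"]}:{name} (CWE-{cwe})'


def evaluate(report, policy=POLICY):
    """Apply the policy to a parsed report dict and return a GateResult."""
    result = GateResult()
    for r in report.get("results", []):
        rule = policy.get(r.get("type"))
        if rule is None:
            result.tracked += 1
            continue
        if r.get("state") in RESOLVED_STATES:
            result.waived += 1
            continue
        severe = SEVERITY_RANK.get(r.get("severity"), 0) >= SEVERITY_RANK[rule["min_severity"]]
        is_new = r.get("status") == "NEW"
        if severe and (is_new or not rule["new_only"]):
            result.blocking.append(describe(r))
        else:
            result.tracked += 1
    return result


def gate(report_text, policy=POLICY):
    """Exit-code wrapper for CI: 0 = pass, 1 = blocking findings present."""
    res = evaluate(parse_report(report_text), policy)
    for item in res.blocking:
        print("BLOCKING", item)
    print(f"blocking={len(res.blocking)} waived={res.waived} tracked={res.tracked}")
    return 0 if res.passed else 1


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```

On the sample, the new SAST SQL injection and the recurrent high-severity SCA package block the merge, the XSS finding marked NOT_EXPLOITABLE is waived, and the medium SCA and recurrent IaC findings are counted but do not fail the build. The distinction between waived and tracked matters in practice: waived findings carry a human decision, tracked findings are debt that should still surface on a dashboard.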

User Reviews & Feedback

User reviews for Checkmarx One highlight several strengths and weaknesses, shaping its recommended use cases.

  • Strengths:
    • Accurate Vulnerability Identification: The platform accurately identifies vulnerabilities, tracks their origins, and provides actionable insights for remediation.
    • Comprehensive Coverage: It offers a full suite of AppSec tools including SAST, SCA, DAST, API Security, IaC Security, Container Security, and Secrets Detection, providing robust security coverage.
    • Integration Capabilities: Seamlessly integrates with various SCM solutions, CI/CD tools, and IDEs, enhancing scalability and streamlining the scanning process.
    • Developer-Friendly: Features like in-IDE feedback, AI-powered remediation guidance, and pre-commit exposure prevention improve the developer experience and accelerate secure code adoption.
    • Unified Platform: Provides a single pane of glass for managing vulnerabilities across the entire AppSec posture.
    • Strong Support & Deployment: Users often praise the support experience and the ease of deployment.
  • Weaknesses:
    • Language and Framework Support: Some users desire expanded support for certain programming languages (e.g., C, C++, Swift, VB, T-SQL).
    • False Positives: The SAST engine can produce a significant number of false positives, requiring manual intervention for segregation.
    • Performance Issues: Concerns exist regarding slow scan times and high memory usage.
    • Cost: The pricing model is considered expensive by some users, though others find it justified by the comprehensive features.
    • User Interface: Navigation through the web interface can sometimes be indirect or slow.
    • SCA Accuracy: SCA results occasionally do not accurately report usage information for third-party packages.
  • Recommended Use Cases:
    • Enterprises requiring a comprehensive, integrated application security platform across the entire SDLC.
    • Organizations adopting DevSecOps practices and seeking to embed security early in the development process.
    • Teams needing to secure cloud-native applications, open-source components, APIs, and Infrastructure as Code.
    • Environments where developer experience and efficient vulnerability remediation are critical.
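The "pre-commit exposure prevention" and secrets detection that reviewers praise above rest on a small set of techniques: format-specific patterns for well-known credential types, an entropy heuristic for generic key/token assignments, and an allowlist so that findings already triaged as false positives stop blocking commits. As an added example, not Checkmarx code and not the vendor's rule set, the scanner below applies those three steps to the added lines of a unified diff. The patterns, the entropy threshold and the sample diff are constructed for illustration; the allowlist stores SHA-256 fingerprints so the triage record never contains the secret itself.

```python
"""Pre-commit secret scanner over a unified diff: credential-format patterns,
a Shannon-entropy check on generic key/token assignments, and a fingerprint
allowlist for triaged false positives. Added example, not Checkmarx code;
patterns and threshold are assumptions, not the vendor's rule set."""
import hashlib
import math
import re
from dataclasses import dataclass

# Format-specific patterns (assumed, illustrative subset).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic: a secret-looking name assigned a long opaque literal.
GENERIC = re.compile(
    r"(?i)(?:key|secret|token|password|passwd)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{20,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; random base64/hex sits above this
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff (not real repository content).
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,5 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+db_password = "hunter2"
+api_token = "QmZ7xP3kR9tW2vB8nL4sD6hJ1gF5cY0a"
+api_key = "xxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAA
"""


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    digest: str


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a repeated character)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def fingerprint(secret):
    """Allowlist entries hold this hash, never the secret value."""
    return hashlib.sha256(secret.encode()).hexdigest()


def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every added line in a unified diff."""
    path, line_no, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff "):
            in_hunk = False
        elif raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif (m := HUNK.match(raw)):
            line_no = int(m.group(1)) - 1  # new-file start line of this hunk
            in_hunk = True
        elif in_hunk and not raw.startswith("-") and not raw.startswith("\\"):
            line_no += 1  # context and added lines both advance the new file
            if raw.startswith("+"):
                yield path, line_no, raw[1:]


def scan_diff(diff_text, allowlist=frozenset()):
    findings = []
    for path, line_no, text in added_lines(diff_text):
        hits = []
        for rule, pat in PATTERNS.items():
            m = pat.search(text)
            if m:
                hits.append((rule, m.group(0)))
        if not hits:  # fall back to the generic heuristic only if no format matched
            m = GENERIC.search(text)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                hits.append(("high_entropy_assignment", m.group(1)))
        for rule, value in hits:
            digest = fingerprint(value)
            if digest in allowlist:
                continue  # triaged false positive
            findings.append(Finding(path, line_no, rule, digest))
    return findings


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line_no} {f.rule} fingerprint={f.digest[:12]}")
```

On the sample, the AWS key, the 32-character token and the PEM header are reported; the 24 x's assigned to api_key are dropped by the entropy check; and db_password = "hunter2" is missed entirely, because a short dictionary password has neither a recognisable format nor high entropy. That last miss is the caveat: entropy heuristics catch generated material, and a scanner's value for weak human-chosen passwords depends on its pattern library and the surrounding context rules.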

Summary

Checkmarx One stands as a market-leading, cloud-native application security platform, offering a comprehensive and unified suite of tools designed to secure applications from the first line of code through deployment in the cloud. Its core strength lies in its extensive array of security testing capabilities, including SAST, SCA, DAST, API Security, IaC Security, Container Security, Secrets Detection, and Supply Chain Security. The platform excels in integrating seamlessly into developer ecosystems, offering plugins for popular IDEs and CI/CD tools, which facilitates a "shift-left" security approach by enabling early vulnerability detection and remediation. AI-powered features enhance both the detection and remediation processes, providing actionable insights directly to developers.

Strengths include its accurate vulnerability identification, customizable code check rules, comprehensive reporting, and strong support for various programming languages and frameworks. The platform's cloud-native deployment model, coupled with robust encryption (AES-256 at rest, TLS 1.2 in transit) and multi-factor authentication options, ensures a high level of security for the platform itself. Certifications like ACN Level 2 and annual SOC 2 Type II audits further validate its security posture. User feedback often praises its ease of deployment, integration capabilities, and the overall support experience.

However, Checkmarx One is not without its weaknesses. Some users report challenges with scan performance, including slow scan times and high memory usage. The platform can generate a notable number of false positives, necessitating manual review. While supporting many languages, some users desire broader coverage for specific older or less common languages. The pricing model is also a point of consideration, often perceived as expensive, and the user interface navigation can sometimes be less intuitive.

Overall, Checkmarx One is highly recommended for large enterprises and organizations that require a robust, integrated, and continuously updated application security solution, particularly those with cloud-native development environments and a strong commitment to DevSecOps. Its ability to consolidate various AppSec tools into a single platform, provide unified visibility, and empower developers with in-context security feedback makes it a powerful asset for managing application risk effectively. Prospective users should evaluate its performance characteristics against their specific needs and consider the total cost of ownership.

Please note: The information provided is based on publicly available data and may vary with the specific tenant and deployment configuration. For up-to-date information, consult official Checkmarx resources.