Name: Checkmarx SAST
Rating: 4.6 (413 reviews)

Overview

Product Information on Checkmarx SAST

Updated 13th October 2025

What is Checkmarx SAST?

Checkmarx SAST is a software designed to analyze application source code in order to identify security vulnerabilities during the software development process. The software supports multiple programming languages and frameworks, enabling development and security teams to detect issues early in the application life cycle. Checkmarx SAST provides features such as automated code scanning, integration with development environments and CI/CD pipelines, customizable reporting, and support for compliance requirements. The software addresses business problems related to software security by helping organizations manage and reduce risks associated with insecure code, promoting safer software releases, and assisting with regulatory adherence.

Overall experience with Checkmarx SAST

IT Security & Risk Management Associate

1B - 3B USD, Transportation

FAVORABLE

“Checkmarx strengthens security-as-code to help build secure applications”

5.0

Jan 23, 2026

The overall experience with CheckmarX has been truly exceptional. The vendor has been very supportive of us throughout the implementation and post-implementation phases, addressing our concerns promptly and smoothly. They also consistently share updates and newly added features, taking time to explain them clearly to our team. CheckmarX's SAST solution is reliable and suited for development and security teams looking to integrate security seamlessly into their process. More importantly, it plays a critical or crucial role in strengthening our application security by identifying vulnerabilities in the early development cycle, reducing risk, and ensuring that our product or application is secure and compliant.

APPLICATION SECURITY ENGINNER

30B + USD, Energy and Utilities

CRITICAL

“Checkmarx SAST Offers Detailed Results but Faces Interface and Support Challenges”

3.0

Feb 17, 2026

I have been using Checkmarx SAST and SCA tool for the last 3 years. Overall experience is good. As I am also the administrator of this product, the support team needs improvement.

About Company

Company Description

Checkmarx provides agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans trillions of lines of code each year for companies, cutting vulnerability density by more than half. Its autonomous security agents detect and counter AI-driven threats across the SDLC, providing prevention-first protection for legacy, modern, and AI-generated code at enterprise scale.

Company Details

Company type

Private

Year Founded

2006

Head office location

Paramus, United States

Number of employees

501 - 1000

Website

http://www.checkmarx.com

Do You Manage Peer Insights at Checkmarx?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About Checkmarx SAST

Reviewer Insights for: Checkmarx SAST

Deciding Factors: Checkmarx SAST Vs. Market Average

Performance of Checkmarx SAST Across Market Features

Checkmarx SAST Likes & Dislikes

What I like most about CheckmarX is its ability to detect vulnerabilities and compliance issues throughout the Software Development Life Cycle (SDLC) and provide feedback into actionable items for remediation. This helps us strengthen our security posture by reducing risk before deploying the code to production.

Our team now has dedicated Appsec engineers to deal with false positive request. User interface is good but slow. Checkmarx users can view the results and navigate to the vulnerable code easily. Attack vectors are there for the input and output flow. With the latest version of Checkmarx SAST, the best fix line of code is also provided.

It allows product development teams to interact with it whatever they want: via Web UI, API or multiple CI platform integrations, usually via plugins. It is very important in a heterogenic environment. Another important fact is consistency with results, not too many false positives, configruabels policies and scan configuration.

The main challenge sometimes is the scan time as CheckmarX scans large repositories and projects.

Support lead from the product team. Issues in pipeline giving errors but errors are hard to understand.

The aformentioned web interface is very '90-tish, I believe it should be refreshed to catch up with other similar tools. It is pretty complex, sometimes not intuitive and noticeably slow, comparing to other popular security tools.

Top Checkmarx SAST Alternatives

Peer Discussions

Checkmarx SAST Reviews and Ratings

Recommended Gartner Insights

1B-10B USD

Transportation

Review Source

Checkmarx strengthens security-as-code to help build secure applications

Jan 22, 2026

Manager, IT Security and Risk Management

10B+ USD

Finance (non-banking)

Consistent SAST Scanning Performance Offset by Outdated and Slow User Interface

4.0

Apr 13, 2026

Checkmarx SAST is an old but gold solutions: it does it job very good i.e. SAST security scanning, but the user experience of the Web interface is far from being perfect. The scanning results are OK, in line with the expectation, not too many false positive and very rare false negatives, which is the most important feature of this scanner.

MANAGER, IT SECURITY AND RISK MANAGEMENT

Telecommunication

Comprehensive Vulnerability Tracking Provided With Helpful Support Team Assistance

Jan 15, 2026

We are using Checkmarx SAST, SCA and CxOne-DAST for our inhouse developed application, it's provide you the comprehensive vulnerability report and easy to manage and track the vulnerability on the tools. The overall experience was good and especially when it come with the CxSupport team in order to upgrade/update or troubleshooting the product.

SOFTWARE DEVELOPMENT MANAGER

50M-1B USD

Banking

Buy it now, improve security

Dec 16, 2025

Checkmarx have been a great vendor, provided excellent customer service with a product that has really helped us tighten up our security posture and ensure we minimise our vulnerabilities. Where new, and critical issues have appeared, Checkmarx have reached out proactively to warn us and suggest a sensible course of action, before we've even realised we're affected.

Smooth Deployment and Well-Structured Findings Enhance Security Workflow Efficiency

Jan 19, 2026

The ease of use, accessability and user friendliness gets me going on using Checkmarx SAST/DAST. The simple and well-structured findings of the tool makes remediation fixes implemented immediately. Aside from this, the deployment of the tool integrates smoothly in to our environment. We experienced a smooth transition from the Cx SAST on premise to Cx One