Cybersecurity

Checkmarx

Enterprise AppSec platform — SAST, SCA, DAST, IaC, API, and container scanning under the Checkmarx One umbrella.

Pricing Tier: Enterprise
Learning Curve: Steep
Implementation: 2–6 months for enterprise rollout
Best For: large, enterprise
Use when

Regulated enterprises consolidating AppSec tooling across many teams and needing audit-ready compliance reports.

Avoid when

Startups and mid-market engineering teams — Semgrep or Snyk offer faster, more developer-friendly workflows at a fraction of the cost.

What is Checkmarx?

Checkmarx is a legacy-to-modern AppSec platform now unified as Checkmarx One. It provides SAST, SCA, IaC scanning, DAST, API security, and container scanning with a shared policy and triage layer. It has a long-standing presence in Fortune 2000 AppSec programs, often alongside or replacing Fortify, and is known for deep language coverage and enterprise-grade compliance reporting (PCI, HIPAA, SOX).

Key features

SAST, SCA, DAST, IaC, API, container scanning
Checkmarx One unified platform
AI Query Builder for custom rules
Deep language coverage (30+)
Compliance reporting (PCI, HIPAA, SOX)

Integrations

Jenkins
Jira
GitHub
Azure DevOps