Alternatives to Checkmarx logo

Alternatives to Checkmarx

SonarQube, Veracode, Black Duck, WhiteSource, and Snyk are the most popular alternatives and competitors to Checkmarx.
83
135
+ 1
0

What is Checkmarx and what are its top alternatives?

It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process.
Checkmarx is a tool in the Security category of a tech stack.
Checkmarx is an open source tool with GitHub stars and GitHub forks. Here’s a link to Checkmarx's open source repository on GitHub

Top Alternatives to Checkmarx

  • SonarQube
    SonarQube

    SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. ...

  • Veracode
    Veracode

    It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production. ...

  • Black Duck
    Black Duck

    It is a solution that helps development teams manage risks that come with the use of open source. It gives you complete visibility into open source management, combining sophisticated, multi-factor open source detection capabilities with the Black Duck KnowledgeBase. ...

  • WhiteSource
    WhiteSource

    The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. ...

  • Snyk
    Snyk

    Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform ...

  • ShiftLeft
    ShiftLeft

    ShiftLeft CORE provides fast and accurate application security findings built directly into the development workflow. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

Checkmarx alternatives & related posts

SonarQube logo

SonarQube

1.7K
53
Continuous Code Quality
1.7K
53
PROS OF SONARQUBE
  • 26
    Tracks code complexity and smell trends
  • 16
    IDE Integration
  • 9
    Complete code Review
  • 2
    Difficult to deploy
CONS OF SONARQUBE
  • 7
    Sales process is long and unfriendly
  • 7
    Paid support is poor, techs arrogant and unhelpful
  • 1
    Does not integrate with Snyk

related SonarQube posts

Simon Reymann
Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 11.6M views

Our whole DevOps stack consists of the following tools:

  • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
  • Respectively Git as revision control system
  • SourceTree as Git GUI
  • Visual Studio Code as IDE
  • CircleCI for continuous integration (automatize development process)
  • Prettier / TSLint / ESLint as code linter
  • SonarQube as quality gate
  • Docker as container management (incl. Docker Compose for multi-container application management)
  • VirtualBox for operating system simulation tests
  • Kubernetes as cluster management for docker containers
  • Heroku for deploying in test environments
  • nginx as web server (preferably used as facade server in production environment)
  • SSLMate (using OpenSSL) for certificate management
  • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
  • PostgreSQL as preferred database system
  • Redis as preferred in-memory database/store (great for caching)

The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

  • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
  • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
  • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
  • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
  • Scalability: All-in-one framework for distributed systems.
  • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
See more
Ganesa Vijayakumar
Full Stack Coder | Technical Architect · | 19 upvotes · 5.5M views

I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.

I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).

As per my work experience and knowledge, I have chosen the followings stacks to this mission.

UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar on this and also most importantly these will help on developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile, Bootstrap wherever required.

Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.

Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.

Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.

Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.

Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.

Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.

Happy Coding! Suggestions are welcome! :)

Thanks, Ganesa

See more
Veracode logo

Veracode

65
0
A simpler and more scalable way to increase the resiliency of your global application infrastructure
65
0
PROS OF VERACODE
    Be the first to leave a pro
    CONS OF VERACODE
      Be the first to leave a con

      related Veracode posts

      Shared insights
      on
      VeracodeVeracodeBlack DuckBlack Duck

      Hi Everyone, I am using Black Duck for my project...I need some advantages on Blackduck as compared to Veracode and other tools..... I don't have any idea about other tools, So I am not able to compare practically.. Please help me.

      See more
      Black Duck logo

      Black Duck

      46
      0
      Open Source Security & License tracking
      46
      0
      PROS OF BLACK DUCK
        Be the first to leave a pro
        CONS OF BLACK DUCK
          Be the first to leave a con

          related Black Duck posts

          Shared insights
          on
          VeracodeVeracodeBlack DuckBlack Duck

          Hi Everyone, I am using Black Duck for my project...I need some advantages on Blackduck as compared to Veracode and other tools..... I don't have any idea about other tools, So I am not able to compare practically.. Please help me.

          See more
          Shared insights
          on
          SonarQubeSonarQubeBlack DuckBlack Duck

          Is it possible to integrate Black Duck, SonarQube and Coverity with Fortify SSC?

          See more
          WhiteSource logo

          WhiteSource

          23
          0
          Find & fix security and compliance issues in open source libraries in real-time
          23
          0
          PROS OF WHITESOURCE
            Be the first to leave a pro
            CONS OF WHITESOURCE
              Be the first to leave a con

              related WhiteSource posts

              Bryan Dady
              SRE Manager at Subsplash · | 5 upvotes · 447.6K views

              I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

              See more
              Snyk logo

              Snyk

              467
              20
              Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform
              467
              20
              PROS OF SNYK
              • 10
                Github Integration
              • 5
                Free for open source projects
              • 4
                Finds lots of real vulnerabilities
              • 1
                Easy to deployed
              CONS OF SNYK
              • 2
                Does not integrated with SonarQube
              • 1
                No malware detection
              • 1
                No surface monitoring
              • 1
                Complex UI
              • 1
                False positives

              related Snyk posts

              Bryan Dady
              SRE Manager at Subsplash · | 5 upvotes · 447.6K views

              I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

              See more
              ShiftLeft logo

              ShiftLeft

              4
              0
              Static code analysis, Secrets detection, Software composition analysis, and Security training in one platform
              4
              0
              PROS OF SHIFTLEFT
                Be the first to leave a pro
                CONS OF SHIFTLEFT
                  Be the first to leave a con

                  related ShiftLeft posts

                  Postman logo

                  Postman

                  94.5K
                  1.8K
                  Only complete API development environment
                  94.5K
                  1.8K
                  PROS OF POSTMAN
                  • 490
                    Easy to use
                  • 369
                    Great tool
                  • 276
                    Makes developing rest api's easy peasy
                  • 156
                    Easy setup, looks good
                  • 144
                    The best api workflow out there
                  • 53
                    It's the best
                  • 53
                    History feature
                  • 44
                    Adds real value to my workflow
                  • 43
                    Great interface that magically predicts your needs
                  • 35
                    The best in class app
                  • 12
                    Can save and share script
                  • 10
                    Fully featured without looking cluttered
                  • 8
                    Collections
                  • 8
                    Option to run scrips
                  • 8
                    Global/Environment Variables
                  • 7
                    Shareable Collections
                  • 7
                    Dead simple and useful. Excellent
                  • 7
                    Dark theme easy on the eyes
                  • 6
                    Awesome customer support
                  • 6
                    Great integration with newman
                  • 5
                    Documentation
                  • 5
                    Simple
                  • 5
                    The test script is useful
                  • 4
                    Saves responses
                  • 4
                    This has simplified my testing significantly
                  • 4
                    Makes testing API's as easy as 1,2,3
                  • 4
                    Easy as pie
                  • 3
                    API-network
                  • 3
                    I'd recommend it to everyone who works with apis
                  • 3
                    Mocking API calls with predefined response
                  • 2
                    Now supports GraphQL
                  • 2
                    Postman Runner CI Integration
                  • 2
                    Easy to setup, test and provides test storage
                  • 2
                    Continuous integration using newman
                  • 2
                    Pre-request Script and Test attributes are invaluable
                  • 2
                    Runner
                  • 2
                    Graph
                  • 1
                    <a href="http://fixbit.com/">useful tool</a>
                  CONS OF POSTMAN
                  • 10
                    Stores credentials in HTTP
                  • 9
                    Bloated features and UI
                  • 8
                    Cumbersome to switch authentication tokens
                  • 7
                    Poor GraphQL support
                  • 5
                    Expensive
                  • 3
                    Not free after 5 users
                  • 3
                    Can't prompt for per-request variables
                  • 1
                    Import swagger
                  • 1
                    Support websocket
                  • 1
                    Import curl

                  related Postman posts

                  Noah Zoschke
                  Engineering Manager at Segment · | 30 upvotes · 3M views

                  We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

                  Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

                  Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

                  This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

                  Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

                  Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

                  Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

                  See more
                  Simon Reymann
                  Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

                  Our whole Node.js backend stack consists of the following tools:

                  • Lerna as a tool for multi package and multi repository management
                  • npm as package manager
                  • NestJS as Node.js framework
                  • TypeScript as programming language
                  • ExpressJS as web server
                  • Swagger UI for visualizing and interacting with the API’s resources
                  • Postman as a tool for API development
                  • TypeORM as object relational mapping layer
                  • JSON Web Token for access token management

                  The main reason we have chosen Node.js over PHP is related to the following artifacts:

                  • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
                  • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
                  • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
                  • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
                  See more
                  Postman logo

                  Postman

                  94.5K
                  1.8K
                  Only complete API development environment
                  94.5K
                  1.8K
                  PROS OF POSTMAN
                  • 490
                    Easy to use
                  • 369
                    Great tool
                  • 276
                    Makes developing rest api's easy peasy
                  • 156
                    Easy setup, looks good
                  • 144
                    The best api workflow out there
                  • 53
                    It's the best
                  • 53
                    History feature
                  • 44
                    Adds real value to my workflow
                  • 43
                    Great interface that magically predicts your needs
                  • 35
                    The best in class app
                  • 12
                    Can save and share script
                  • 10
                    Fully featured without looking cluttered
                  • 8
                    Collections
                  • 8
                    Option to run scrips
                  • 8
                    Global/Environment Variables
                  • 7
                    Shareable Collections
                  • 7
                    Dead simple and useful. Excellent
                  • 7
                    Dark theme easy on the eyes
                  • 6
                    Awesome customer support
                  • 6
                    Great integration with newman
                  • 5
                    Documentation
                  • 5
                    Simple
                  • 5
                    The test script is useful
                  • 4
                    Saves responses
                  • 4
                    This has simplified my testing significantly
                  • 4
                    Makes testing API's as easy as 1,2,3
                  • 4
                    Easy as pie
                  • 3
                    API-network
                  • 3
                    I'd recommend it to everyone who works with apis
                  • 3
                    Mocking API calls with predefined response
                  • 2
                    Now supports GraphQL
                  • 2
                    Postman Runner CI Integration
                  • 2
                    Easy to setup, test and provides test storage
                  • 2
                    Continuous integration using newman
                  • 2
                    Pre-request Script and Test attributes are invaluable
                  • 2
                    Runner
                  • 2
                    Graph
                  • 1
                    <a href="http://fixbit.com/">useful tool</a>
                  CONS OF POSTMAN
                  • 10
                    Stores credentials in HTTP
                  • 9
                    Bloated features and UI
                  • 8
                    Cumbersome to switch authentication tokens
                  • 7
                    Poor GraphQL support
                  • 5
                    Expensive
                  • 3
                    Not free after 5 users
                  • 3
                    Can't prompt for per-request variables
                  • 1
                    Import swagger
                  • 1
                    Support websocket
                  • 1
                    Import curl

                  related Postman posts

                  Noah Zoschke
                  Engineering Manager at Segment · | 30 upvotes · 3M views

                  We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

                  Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

                  Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

                  This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

                  Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

                  Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

                  Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

                  See more
                  Simon Reymann
                  Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

                  Our whole Node.js backend stack consists of the following tools:

                  • Lerna as a tool for multi package and multi repository management
                  • npm as package manager
                  • NestJS as Node.js framework
                  • TypeScript as programming language
                  • ExpressJS as web server
                  • Swagger UI for visualizing and interacting with the API’s resources
                  • Postman as a tool for API development
                  • TypeORM as object relational mapping layer
                  • JSON Web Token for access token management

                  The main reason we have chosen Node.js over PHP is related to the following artifacts:

                  • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
                  • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
                  • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
                  • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
                  See more