
    Checkmarx One

    Sold by: Checkmarx 
    Checkmarx One helps you deliver secure software faster with an integrated Application Security Testing platform deployed as a service. A single event, like a code commit or build stage, can trigger scans of your source code, dependencies, and IaC templates, with results aggregated in one place.

    Overview

    Checkmarx One is an integrated Application Security Testing (AST) platform delivered by Checkmarx, an AWS Advanced Tier partner with Security and DevOps Competencies. We're a global leader in software security solutions, trusted by 1,700+ organizations and consistently recognized by Gartner as a Leader in AST.

    Checkmarx One delivers three essential AST services on a platform that's easy to integrate into your existing dev tools:

    • Static application security testing: Checkmarx One is a flexible, accurate solution able to identify hundreds of vulnerabilities and weaknesses in custom code, with support for 25+ languages and frameworks.
    • Software composition analysis: CxSCA enables you to mitigate risks in open source software and third-party libraries. Users can identify and prioritize open source vulnerabilities, take inventory of open source components and dependencies in use, and evaluate the risk of open source licenses.
    • Infrastructure as code analysis: KICS detects security misconfigurations in IaC templates, helping prevent errors such as open storage buckets, insecure databases, and excessive privileges.

    Checkmarx One is easy to integrate: one event can trigger all scan types for your project, and scan results are aggregated, giving you fast triage of your project's security posture.

    If you're an AWS customer interested in Checkmarx One and wish to purchase over AWS Marketplace in a different quantity or configuration, visit http://www.checkmarx.com/contact-us-aws 

    IMPORTANT INFORMATION ABOUT PRODUCTS AND SERVICES.

    1. Please note that add-ons can be purchased only when the base product is purchased.

    2. Description of Base product: Checkmarx One Start with SAST.

    Description of available Add-ons: CxOne Start with SAST NG-API Security Addon, CxOne Start with SAST NG-IaC (KICS) Add on, Checkmarx One Start with SAST NG- AI Add on

    3. Description of Base product: Checkmarx One Essential

    Description of available Add-ons: CxOne Essential-Containers Add on, Cx One Essential-Malicious Packages Add on, Cx One Essential-IaC (KICS) Add on, CxOne Essential-AI Protection Add on

    4. Description of Base product: Checkmarx One Professional

    Description of available Add-ons: Checkmarx One Professional - IaC (KICS) Add on, Checkmarx One Professional - Enterprise Secrets Add on, Checkmarx One Professional - AI Protection Add on

    5. Checkmarx One Codebashing is available both as standalone and as an add-on with the Base products mentioned above.

    6. CxOne Premium Service Package is available at 20% of the SaaS subscription fee. Checkmarx One Premium Service package fee shall be calculated as the higher of: a) 20% of SaaS subscription fee OR b) USD 10,000 in case of 1 year term / USD 30,000 for 3 year term.

    7. Cx-SCS Threat API Malicious (per package): Minimum quantity is 2 (two) and listed price is for 2 (two) units. SCS Threat API for Malicious OSS Packages Threat Information only (limited to 10,000 packages lookup per month). Each version/sub-version of the same package is considered a unique package.

    8. Minimum deal size shall be USD 30,000 for a one year term and USD 90,000 for a three year term. Minimum deal size excludes Checkmarx One Premium Service Package and Checkmarx One PS days.

    9. Checkmarx reserves the right to revise prices periodically.

    10. Prices exclude applicable VAT/GST and WHT, if any.

    11. Refund Policy: no Refunds.

    Please reach out to aws@checkmarx.com for further information about the add-ons available under various base products.

    Highlights

    • FIND THREATS AND SAVE TIME: Identify open source risks. Get severity metrics and remediation guidance. Identify potential license and compliance issues. See which libraries are adding to maintenance burdens. Get risk reports or extract data via API.
    • SPOT INSECURE CODE EARLIER: Our industry-leading source code analysis covers a wide range of languages. Checkmarx One finds vulnerabilities faster by scanning uncompiled code and only re-scanning new or modified code.
    • Prevent misconfigurations from reaching production: Scan your IaC templates for valid but insecure configurations before deployment to prevent catastrophic security misconfigurations.

    Details

    Delivery method

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (17)

    | Dimension | Description | Cost/12 months |
    |---|---|---|
    | CxOne Start with SAST NG | Checkmarx One Start with SAST-price per license per year | $1,035.00 |
    | CxOne API Security | CxOne Start with SAST NG-API Security Addon-price per license per year | $276.00 |
    | CxOne IaC (KICS) | CxOne Start with SAST NG-IaC (KICS) Add on-price per license per year | $240.00 |
    | CxOne AI Protection | Checkmarx One Start with SAST NG- AI Add on-price per license per year | $120.00 |
    | Checkmarx One Codebashing | Checkmarx One Codebashing | $345.00 |
    | CxOne Essential | Checkmarx One Essential - price per license per year | $1,564.00 |
    | CxAST-CONTAINERS | CxOne Essential-Containers Add on-price per license per year | $240.00 |
    | CxOne Malicious Packages | Cx One Essential-Malicious Packages Add on-price per license per year | $276.00 |
    | CxAST-IAC-KICS | Cx One Essential-IaC (KICS) Add on-price per license per year | $240.00 |
    | CxOne AI Protection | CxOne Essential-AI Protection Add on-price per license per year | $120.00 |

    Vendor refund policy

    1. Minimum Deal size shall be USD 30,000 for 1 year term & USD 90,000 for 3 year term, excluding Checkmarx One Premium Service Package and Checkmarx One PS days.
    2. Checkmarx One Premium Service package fee shall be calculated as higher of: a) 20% of SaaS subscription fee OR b) USD 10,000 in case of 1 year term / USD 30,000 for 3 year term.
    3. Checkmarx reserves the right to revise prices, without advance notice.
    4. Prices quoted are exclusive of VAT/GST and WHT, if applicable.
    5. No refunds.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Checkmarx technical support and online support: https://support.checkmarx.com. Checkmarx One Standard Support is included in the price of the software subscription, and the Checkmarx One Premium Service Package is available by paying 20% of the SaaS subscription fee.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 25 in Testing


    Overview

    AI generated from product descriptions

    • Static Application Security Testing: Flexible, accurate solution able to identify hundreds of vulnerabilities and weaknesses in custom code, with support for 25+ languages and frameworks
    • Software Composition Analysis: Enables identification and prioritization of open source vulnerabilities, inventory of open source components and dependencies in use, and evaluation of open source license risk
    • Infrastructure as Code Analysis: Detects security misconfigurations in IaC templates, helping prevent errors such as open storage buckets, insecure databases, and excessive privileges
    • Integrated Platform: Single event, like a code commit or build stage, can trigger scans of source code, dependencies, and IaC templates, with results aggregated in one place
    • Scan Optimization: Scans only new or modified code, reducing time and resources required for security testing
    • Static Application Security Testing (SAST): Detect over 1137 unique categories of vulnerabilities across 29 programming languages that span over 1 million individual APIs
    • Automated Security Integration: Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repository, and plugins for a large set of ecosystem partners offering DevOps, VSTS, and Jenkins
    • Compliance and Certification: First and leading application security as a service solution to be JAB authorized and FedRAMP certified
    • Dynamic Application Security Testing (DAST): Perform dynamic application security testing (DAST) on demand
    • Interactive Application Security Testing (IAST): Offer interactive application security testing (IAST) on demand
    • Continuous Software Security Integration: Seamlessly embeds application security into the software development lifecycle (SDLC) by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process
    • Security Policy Management: Enables users to define and manage security policy, gain a comprehensive view of software security across their application portfolio, and leverage rich analytics to make informed plans, communicate metrics, comply with policy, and meet regulatory requirements
    • Static Code Analysis: Provides fast, automated feedback to developers in the IDE and CI/CD pipeline, conducts a full Policy Scan before deployment, and gives clear guidance on how to find, prioritize, and fix issues fast and accurately, with a low false positive rate
    • Dynamic Application Security Testing: Scans runtime applications, providing the scale necessary to audit hundreds of target applications simultaneously, including APIs, to verify in production that vulnerabilities were addressed or mitigated before application release
    • Software Composition Analysis: Identifies risks from open-source libraries early so you can reduce unplanned work, covering both security and license risk, and helps Engineering keep roadmaps on track, Security achieve regulatory compliance (SBOM), and the Business make smart decisions

    Contract

    Standard contract: No

    Customer reviews

    Ratings and reviews

    0 ratings (5 star: 0%, 4 star: 0%, 3 star: 0%, 2 star: 0%, 1 star: 0%)
    0 AWS reviews | 34 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Abhineet S.

    Best in class SAST solution in the market

    Reviewed on Jan 13, 2024
    Review provided by G2
    What do you like best about the product?
    I like the SAST-ification thing overall; it has all offerings, varying from source code scans to SCA to license scanning, and does a great job finding vulnerabilities. It is easy to use and visually easy to look around for the bugs. Similarly, it is very optimized so that we can integrate with the CI/CD pipelines.
    What do you dislike about the product?
    The cost of acquiring all of the modules is pretty high.
    What problems is the product solving and how is that benefiting you?
    Solving major bugs right from the code by applying a shift-left approach in an easier way.
    Computer & Network Security

    A good alternative in a fierce market

    Reviewed on Nov 02, 2023
    Review provided by G2
    What do you like best about the product?
    Integration with CI/CD is pretty featureful.
    What do you dislike about the product?
    High number of false positives unless you carefully tailor it to each project.
    What problems is the product solving and how is that benefiting you?
    Automatic CI/CD SAST testing before each new feature or release.
    Tharindu M.

    Good Tool with good interfaces and developer friendly environment

    Reviewed on Aug 10, 2023
    Review provided by G2
    What do you like best about the product?
    UI implementations are really good (Data Flow Matrixes).
    Suggestions are provided for the most suitable place to fix a set of vulnerabilities.
    Most of the integrations are working seamlessly.
    What do you dislike about the product?
    Support service is getting delayed sometimes
    Some of the findings tend to be false positives
    Scanning time is slow when compared with other tools.
    Some of the IDE integrations aren't working as intended.
    What problems is the product solving and how is that benefiting you?
    Checkmarx provided a lot of visibility to our development cycles. It has the capability to scan the entire GitHub or scan a specific branch. Using the Checkmarx tool we were able to stop major vulnerabilities from appearing in production.
    sanjay s.

    Checkmarx Review

    Reviewed on Jul 22, 2022
    Review provided by G2
    What do you like best about the product?
    The Checkmarx tool scans the code pretty well. It gives accurate results; in-depth analysis can be done because Checkmarx provides the flow of code from the source until the values get executed.
    What do you dislike about the product?
    Checkmarx reports false positive issues a lot. If it's a big application code base, it's tough to control the number of false positive issues to analyse. Reporting can also be improved.
    What problems is the product solving and how is that benefiting you?
    Checkmarx tool has Library scanning as well. It gives accurate results in reporting Vulnerable libraries. Accuracy has been spot on when it comes to reporting Library issues
    Pankaj W.

    Best tool for Source code scanning

    Reviewed on Apr 19, 2022
    Review provided by G2
    What do you like best about the product?
    The most valuable features are the easy to understand interface, and it's very user-friendly. Reduce the code using cxsast plugin. It will scan code line by line and find most of the vulnerabilities. Very easy to use. Vulnerability report is awesome.
    What do you dislike about the product?
    UI should update. Reduce the false positive. Please upgrade rules set to avoid the false positive.
    What problems is the product solving and how is that benefiting you?
    It will find vulnerabilities like SQL injection, cross site scripting, command injection, XXE, etc. Scan speed is very good. We can review the issue easily.