Checkmarx

Enterprise application security platform with deep SAST, SCA, DAST, and supply chain security

ToolEnterprise Application SecurityCloudSelf-hosted

Pricing: Custom enterprise pricing

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings

What is Checkmarx?

Checkmarx is an enterprise application security platform that provides comprehensive SAST, SCA, DAST, API security testing, and supply chain security in a unified solution called Checkmarx One. With nearly two decades of SAST expertise, Checkmarx offers deep, accurate static analysis across a wide range of languages and frameworks, making it the go-to choice for large enterprises with complex codebases and strict compliance requirements. Checkmarx integrates into development workflows but is traditionally oriented toward security teams rather than individual developers.

Best for: Large enterprises that need comprehensive, compliance-driven application security testing with deep SAST accuracy and centralized security governance
Pros
  • Strong SAST depth and accuracy from two decades of development
  • Comprehensive platform covering SAST, SCA, DAST, and API security
  • Strong compliance reporting and governance capabilities
  • Custom query language allows tailored security rules for complex codebases
  • Mature enterprise support with dedicated customer success
Considerations
  • Significantly more expensive than Snyk with enterprise-only pricing
  • Developer experience is less intuitive than Snyk's workflow integration
  • Scan times can be slow for large codebases with deep analysis enabled
  • Steep learning curve for custom query configuration
  • Historically security-team focused rather than developer-first

Reported in public reviews and vendor documentation. See sources below.

Key Features

Advanced SAST with deep dataflow analysis
Software composition analysis with license compliance
Dynamic application security testing (DAST)
API security testing
Supply chain security analysis
Custom query language for security rules
Centralized security dashboard and reporting
Compliance reporting for PCI DSS, HIPAA, SOC 2

Are you Checkmarx? Improve this listing with screenshots, case studies and more.

Sources & references

Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.

Spot an error, or do you represent Checkmarx? Request a correction.