Checkmarx icon

Checkmarx

Performs agentic application security testing including SAST, SCA, and ASPM for code to cloud security.

Reviewed by ToolWorthy Editors·updated 2 months ago

Pricing:Paid
Categories:
Jump to section
Checkmarx homepage showing Checkmarx One cloud-based AppSec platform

Featured alternatives

JetBrains Qodana icon

JetBrains Qodana

AWS CodeGuru icon

AWS CodeGuru

Qodo icon

Qodo

Enia Code icon

Enia Code

Cursor icon

Cursor

Open Vibe icon

Open Vibe

Pros & Cons

Pros

  • Broad AppSec platform scope
  • Strong fit for enterprise consolidation
  • Addresses AI-generated code and supply-chain risk
  • Supports both security teams and developers
  • Published package structure helps buyers frame evaluation

Cons

  • No simple public pricing
  • May be too heavy for small teams
  • Full value depends on process and integration maturity
  • Enterprise rollout can require implementation effort
  • Buyers must map package scope carefully

Overview

Checkmarx is an enterprise application security company centered on the Checkmarx One platform. It covers SAST, software composition analysis, API security, ASPM, IaC, container, supply-chain, and developer remediation workflows, with current messaging emphasizing agentic AppSec and AI-era software risk.

The platform is best for organizations that want one security operating layer across developers and AppSec teams. It is not positioned as a tiny repo plug-in; it is a consolidation platform for teams managing code risk, open-source packages, generated code, policy, and remediation at scale.

Checkmarx publishes package names and capability groupings but not simple public dollar amounts. Buyers should expect quote-based pricing tied to package scope, add-ons, and enterprise rollout needs.

For adjacent developer-security research, compare Codex GPT-5.2 security features, Claude Sonnet 4.6, and Inspector.

Key Features

  • Checkmarx One platform - A unified AppSec platform for multiple testing and risk-management workflows.

  • SAST and SCA coverage - Core static analysis and open-source dependency security are central to the product.

  • ASPM and risk prioritization - Security teams can manage application posture and focus remediation on higher-risk issues.

  • AI and agentic AppSec features - Current messaging emphasizes AI assistance for detection, triage, and remediation workflows.

  • Developer remediation support - Checkmarx focuses on moving findings into developer workflows rather than leaving issues only in security dashboards.

  • Enterprise packaging - Published packaging paths include starter and broader platform packages for different maturity levels.

Pricing & Plans

Plan Pricing Best fit
Start with SAST / SSCS Quote-based package Teams beginning with code security or supply-chain security.
Essentials / Professional / Enterprise Quote-based package Organizations scaling into broader AppSec platform coverage.
Add-ons and services Quote-based Teams needing advanced coverage, implementation, or enterprise controls.

Checkmarx exposes packaging but not public dollar amounts. Use PAID as the valid pricing model and confirm actual cost through Checkmarx sales.

Best For

Checkmarx is best for enterprise AppSec teams, security leaders, developers, DevSecOps teams, and software supply chain teams who need to find, prioritize, govern, and remediate application and software supply-chain risk across the SDLC. In practical terms, it fits:

  • Enterprise AppSec programs
  • Security teams consolidating SAST, SCA, ASPM, and remediation
  • Organizations securing AI-generated and open-source code
  • DevSecOps teams needing policy and developer workflows

FAQ

What is Checkmarx?

Checkmarx is an enterprise application security vendor centered on the Checkmarx One platform.

Does Checkmarx publish pricing?

Checkmarx publishes packaging options but actual pricing is quote-based.

Why is pricingModel PAID?

Checkmarx is a paid commercial platform with quote-based packaging rather than public self-serve plan cards.

What does Checkmarx One include?

Public packaging references SAST, SCA, API security, ASPM, and additional AppSec capabilities depending on package.

Is Checkmarx good for small teams?

It can be used selectively, but it is primarily positioned for larger AppSec programs.

Who should use Checkmarx?

Use it if your organization needs consolidated application security coverage across code, dependencies, policy, and remediation.

Top alternatives

Related categories

Is this your tool?

Upgrade this free listing to Verified to unlock all four below. One-time fee of $99.

Claim & upgrade

Verified badge

A blue Verified pill appears next to your tool name across ToolWorthy. Embeddable on your own site too.

Featured alternatives slot

Appear in the sidebar of similar tools' detail pages — intent-matched traffic from competitors.

Dofollow backlink

Your Visit Site button sends direct SEO value to your domain instead of nofollow.

Editor-curated review

We expand your listing with original pros/cons, use cases, and screenshots — on-brand and on-message.

From the blog

View all →

Track Checkmarx in ToolWorthy Weekly

Important tool updates, better alternatives, and selected AI signals in one weekly brief.

Weekly only. Unsubscribe anytime.