CAST Highlight vs. Checkmarx

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
CAST Highlight
Score 8.2 out of 10
Enterprise companies (1,001+ employees)
CAST headquartered in New York offers Highlight, an application portfolio management solution providing software component analysis , application security, application benchmarking, and technical due diligence.
$25,000
Portfolio Size 25
Checkmarx
Score 9.1 out of 10
N/A
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)N/A
Pricing
CAST HighlightCheckmarx
Editions & Modules
Cloud
25k
Portfolio Size 25
SCA
$26k
Portfolio Size 25
Complete
33k
Portfolio Size 25
No answers on this topic
Offerings
Pricing Offerings
CAST HighlightCheckmarx
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsAnnual Pricing by Size of Application Portfolio
More Pricing Information
Community Pulse
CAST HighlightCheckmarx
Considered Both Products
CAST Highlight
Chose CAST Highlight
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Checkmarx
Chose Checkmarx
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into …
Chose Checkmarx
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, …
Best Alternatives
CAST HighlightCheckmarx
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CAST HighlightCheckmarx
Likelihood to Recommend
10.0
(0 ratings)
9.0
(0 ratings)
Usability
-
(0 ratings)
7.0
(0 ratings)
Support Rating
10.0
(0 ratings)
-
(0 ratings)
User Testimonials
CAST HighlightCheckmarx
Likelihood to Recommend
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Read full review
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
Read full review
Pros
  • Identifies common coding vulnerabilities.
  • Compares code to industry best practices.
  • Assesses the code for data privacy compliance.
Read full review
  • Supports a large number of languages
  • Finds a large variety of potential risks
Read full review
Cons
  • Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
  • We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
Read full review
  • DAST capability can be the one where it does not support native use case of using OTP based arch
  • API Scanning is something that lacks a bit due to not much customizations
  • Branch wise reports for SAST is not available
Read full review
Usability
No answers on this topic
Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.
Read full review
Support Rating
Tech support and pro services are top-notch.
Read full review
No answers on this topic
Alternatives Considered
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Read full review
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
Read full review
Return on Investment
  • I believe once we had the tool working for our code base, we immediately saw positive ROI.
  • We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
Read full review
  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • High number of false positives take up time and sometimes make our report look bad.
Read full review
ScreenShots

CAST Highlight Screenshots

Screenshot of Application Portfolio ManagementScreenshot of Software Composition AnalysisScreenshot of Portfolio Advisor for Open SourceScreenshot of Portfolio Advisor for CloudScreenshot of Cloud Migration Blockers and Boosters