Use Cases and Deployment Scope
Checkmarx was uses as a reactive security sast control in my org, to detect code security scans, secret detection and license scanning. We also used it to assess our overall sast structure by dashboards and metrics such as MTTR etc. There were lot of grey areas where devs needed assistance with the vulnerable piece of code and checkmarx used to provide great insights on that.
Other Software Used
SonarQube Server, Veracode