Comparison between Fluid Attacks and Checkmarx | Fluid Attacks

Checkmarx

How does Fluid Attacks' solution compare to Checkmarx's? The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.

Organization
Attribute
Essential
Advanced
Checkmarx 
Focus
AI-powered PTaaS on top of native ASPM with In-house scanners
Extras
None
None
None
Headcount

986

Headcount distribution
Headcount growth
+7%, +8%, +7%
Headquarters
Countries
CO and US
FR, IN, IL, PT, SG and US
Reputation
9.79 from 161 reviews over 7 years on Gartner and Clutch
Same
8.55 from 172 reviews over 10 years on  G2, Gartner, PeerSpot, Software Advice and TrustRadius
Followers
20K based on the following: Facebook, Instagram, LinkedIn, X and YouTube
Same
143K based on the following: Facebook, LinkedIn, X and YouTube
Research firms
None
None
Founded
2001
Funding
Bootstrapped
Same
$92M USD in 4 rounds from 6 investors
Acquisitions
None
None
Acquired 0 times and made 3 acquisitions
Revenue
CVE
257 CVEs reported to MITRE, ranked among the top 10 CVE labs worldwide
5 CVEs reported to MITRE
Compliance
Bug bounty
No
Visits
19K per month. Top 3: 50% NL, 17% CO, 6% US and others 27%
82K per month. Top 3: 36% IN, 13% US, 7% IL and others 44%
Authority
Vulnerability database
Content
Knowledge base
13 KB sections, 7 in common and 6 additional
8 KB sections, 7 in common and 1 additional
Community
Forum Private
Sync training
No
No
4 Live security education courses (subscription-based)
Async training
Security education platform (subscription-based)
Distribution
Direct or with any of its 14 partners
Same
Direct or with any of its 60 partners
Marketplaces AWS
Freemium
No
No
No
Free trial
Demo
Pricing
Pricing tiers
4 plans (SAST, essentials, professional, enterprise). None transparent
Minimum commit
Minimum payment period
Minimum capabilities

Same plus: PTaaSRE and SCR

Minimum scope
No information available
Pricing drivers
Minimum monthly payment

Service
Attribute
Essential
Advanced
Checkmarx
PTaaS
No
No
Reverse engineering
No
Yes No
Secure code review
No
No
Pivoting
No
No
Exploitation
No
No
Manual reattacks
Not applicable
Not applicable
Zero-day vulnerabilities
None
Continuous zero-day vulnerability research
Continuous zero-day vulnerability research
SLA
Availability and response
Min availability
>=99.95% per minute LTM
>=99.5% per period
After-sale guarantees
No
Yes
No
Accreditations
Hacker certifications
Not applicable
Not applicable
Type of contract
Employee
Same
Endpoint control
Not applicable
Total
Not applicable
Channel control
Not applicable
Total
Not applicable
Standards
Some requirements from 65 standards, 19 in common and 46 additional
All requirements from the same standards
20 standards, 19 in common and 1 additional
Detection method
False positives
4.87 times better
7.66 times better
12% F0.5 score per quantity
False negatives
6.60 times better
18.98 times better
4% F2.0 score per severity
Remediation
5, 3 in common and 2 additional
Same, plus 1
4, 3 in common and 1 additional
Outputs
5, 4 in common and 1 additional
Same, plus 2
6, 4 in common and 2 additional

Product
Attribute
Essential
Advanced
Checkmarx
ASPM
Yes
API
Same
IDE
5 functionalities, 4 in common and 1 additional
Same, plus 1 functionality
6 functionalities, 4 in common and 2 additional
CLI
CI/CD
Vulnerability sources
4 sources, 1 in common and 3 additional 
Same
8 sources, 1 in common and 7 additional
Priority criteria
CVSS v4.0, CVSSF, EPSS and KEV
Custom prioritization
Scanner origin
In-house and External (ZAP for DAST and KICS for IaC )
SCA
24 package managers, 14 in common and 10 additional
19 package managers, 14 in common and 5 additional
AI security
No
No
Reachability
Yes. No information available
Reachability type
SBOM
22 package managers, 11 in common and 11 additional
19 package managers, 11 in common and 8 additional
Malware detection
Yes
Yes
Autofix on components
No
No
No
Containers
4 distributions, 3 in common and 1 additional
3 distributions, all in common
Source SAST (languages)
12, 11 in common and 1 additional
36, 11 in common and 25 additional
Source SAST (frameworks)
22, 10 in common and 12 additional

52, 10 in common and 42 additional

Custom rules
No
No
IaC
6, 5 in common and 1 additional
4, all in common
12, 9 in common and 3 additional
Binary SAST
1 type of binary
No
DAST
7 attack surface types, 2 in common and 5 additional

3 attack surface types, 2 in common and 5 additional

API security testing
No
types of APIs, 3 in common and 1 additional
3 types of APIs, all in common
IAST
No
No
No
CSPM
Yes
No
Environments
Left & Right (included)
Same
Left & Right (at extra cost)
ASM
No
No
No
Secrets
15 secrets types, 5 in common and 10 additional
Same, plus verify other attack vectors and secrets exploitability
5 secrets types, all in common
AI
4 functions, 2 in common and 2 additional
4 functions, 2 in common and 2 additional
Open-source
Not applicable
Apache License version 2.0, partially equivalent to the paid version
Provisioning as Code
Deployment
Regions
ANZ, EU, IND, ISR, SNG, UAE and US
Status
Incidents

Integrations
Attribute
Essential
Advanced
Checkmarx
SCM
4, 3 in common and 1 additional
4, 3 in common and 1 additional
Binary repositories
None
None
5
Ticketing
3, all in common

5, 3 in common and 2 additional

ChatOps
None
None

2

IDE
3, 2 in common and 1 additional

4, 2 in common and 2 additional

CI/CD
20, 10 in common and 10 additional
17, 10 in common and 7 additional
SCA
Container

Native

SAST
DAST

Native powered by ZAP

IAST
None
None
None
Cloud
3, all in common
3, all in common
CSPM
None
Secrets
Remediation
None
None
3
Bug bounty
None
None
None
Vulnerability management
None
None
Compliance
None
None
None

Notes
 References were last checked on Aug 28, 2025.
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.