Attribute
|
Essential
|
Advanced
|
Checkmarx
|
Focus
|
|||
Extras
|
None
|
None
|
None
|
Headcount
|
|||
Headcount distribution
|
|||
Headcount growth
|
+7%, +8%, +7% | ||
Headquarters
|
|||
Countries
|
|||
Reputation
|
Same
|
||
Followers
|
Same
|
||
Research firms
|
None
|
None
|
|
Founded
|
2001 | ||
Funding
|
Bootstrapped
|
Same
|
$92M
USD in 4 rounds from 6
investors
|
Acquisitions
|
None
|
None
|
Acquired 0 times and made 3
acquisitions
|
Revenue
|
|||
CVE
|
5
CVEs reported to MITRE
|
||
Compliance
|
|||
Bug bounty
|
No
|
||
Visits
|
|||
Authority
|
|||
Vulnerability database
|
|||
Content
|
Blog, documentation, e-books, reports, videos, webinars and white papers |
||
Knowledge base
|
13 KB sections, 7
in common and 6 additional
|
8 KB sections, 7 in common and 1 additional | |
Community
|
Forum | Private | |
Sync training
|
No
|
No
|
4 Live security
education courses (subscription-based)
|
Async training
|
3 product use
courses, all free
|
Security
education platform (subscription-based)
|
|
Distribution
|
Same
|
Direct or with any of its
60 partners
|
|
Marketplaces | AWS | ||
Freemium
|
No
|
No
|
No
|
Free trial
|
|||
Demo
|
|||
Pricing
|
|||
Pricing tiers
|
1 plan
|
1 plan
|
4 plans (SAST, essentials,
professional, enterprise). None transparent
|
Minimum commit
|
|||
Minimum payment period
|
|||
Minimum capabilities
|
API security testing, ASPM, binary SAST, containers, CSPM, DAST, IaC, SAST, SCA and secrets |
||
Minimum scope
|
1 group
|
1 author
|
No information available
|
Pricing drivers
|
|||
Minimum monthly payment
|
Attribute
|
Essential
|
Advanced
|
Checkmarx
|
PTaaS
|
No
|
No
|
|
Reverse engineering
|
No
|
Yes | No |
Secure code review
|
No
|
No
|
|
Pivoting
|
No
|
No
|
|
Exploitation
|
No
|
No
|
|
Manual reattacks
|
Not applicable
|
Not applicable
|
|
Zero-day
vulnerabilities
|
None
|
||
SLA
|
Availability and response | ||
Min availability
|
>=99.95%
per minute LTM
|
>=99.5% per period
|
|
After-sale guarantees
|
No
|
Yes
|
No |
Accreditations
|
|||
Hacker certifications
|
Not
applicable
|
Not
applicable
|
|
Type of contract
|
Employee
|
Same
|
|
Endpoint control
|
Not applicable
|
Total
|
Not applicable
|
Channel control
|
Not applicable
|
Total
|
Not applicable
|
Standards
|
Some
requirements from
65 standards, 19 in common
and 46
additional
|
||
Detection method
|
|||
False positives
|
4.87 times better
|
7.66 times better
|
12% F0.5 score per quantity
|
False negatives
|
6.60 times better
|
18.98 times better
|
4% F2.0 score per severity
|
Remediation
|
5, 3 in
common and 2 additional
|
Same, plus 1
|
4, 3 in common and
1
additional
|
Outputs
|
5, 4 in common
and 1
additional
|
Same, plus 2
|
6, 4 in common and
2 additional
|
Attribute
|
Essential |
Advanced
|
Checkmarx
|
ASPM
|
Yes | ||
API
|
Same | ||
IDE
|
Same, plus
1 functionality
|
||
CLI
|
|||
CI/CD
|
|||
Vulnerability sources
|
4 sources,
1 in common and 3 additional
|
Same |
8 sources, 1 in common and 7 additional
|
Priority criteria
|
|||
Custom prioritization
|
|||
Scanner origin
|
|||
SCA
|
|||
AI security
|
No
|
No | |
Reachability
|
12 languages
|
Yes.
No information available
|
|
Reachability type
|
|||
SBOM
|
|||
Malware detection
|
Yes
|
Yes
|
|
Autofix on components
|
No
|
No
|
No
|
Containers
|
|||
Source SAST
(languages)
|
12, 11 in common and 1
additional
|
36, 11 in common and 25
additional
|
|
Source SAST
(frameworks)
|
22, 10 in common and 12
additional
|
52, 10 in common and 42 additional |
|
Custom rules
|
No
|
No
|
|
IaC
|
6,
5 in common and 1 additional
|
4,
all in common
|
12, 9 in common and 3 additional |
Binary SAST
|
No
|
||
DAST
|
3 attack surface types, 2 in common and 5 additional |
||
API security testing
|
No
|
4 types
of APIs, 3 in common and 1 additional
|
3 types of APIs, all in common |
IAST
|
No
|
No
|
No
|
CSPM
|
Yes |
No
|
|
Environments
|
Left & Right (included)
|
Same
|
Left & Right (at extra cost) |
ASM
|
No
|
No
|
No
|
Secrets
|
Same,
plus verify other attack vectors
and secrets exploitability
|
||
AI
|
|||
Open-source
|
Not applicable
|
Apache License version
2.0, partially
equivalent to the paid
version
|
|
Provisioning as Code
|
|||
Deployment
|
|||
Regions | |||
Status
|
|||
Incidents
|
Attribute
|
Essential
|
Advanced
|
Checkmarx
|
SCM
|
4, 3 in common and 1
additional
|
4, 3 in common and 1
additional
|
|
Binary repositories
|
None
|
None
|
|
Ticketing
|
3, all in
common
|
5, 3 in common and 2 additional |
|
ChatOps
|
None |
None
|
|
IDE
|
3, 2 in common and 1
additional
|
4, 2 in common and 2 additional |
|
CI/CD
|
20, 10 in common and 10
additional
|
17, 10 in common and
7
additional
|
|
SCA
|
|||
Container
|
|||
SAST
|
|||
DAST
|
Native powered by ZAP |
||
IAST
|
None |
None
|
None
|
Cloud
|
3, all in
common
|
3, all in
common
|
|
CSPM
|
None | ||
Secrets
|
|||
Remediation
|
None
|
None
|
|
Bug bounty
|
None
|
None
|
None |
Vulnerability management
|
None
|
None
|
|
Compliance
|
None
|
None
|
None
|