Checkmarx is Salesforce’s Official Static Application Security Testing Provider
Among the most powerful static source code analysis tools available today, CxSAST and Checkmarx One offers unique features that make them stand out from other enterprise class products
| Feature | Feature | Force.com Scanner | Checkmarx |
|---|---|---|---|
| Price | |||
| Price | Free | Commercial License | |
| Subscription Period | |||
| Subscription Period | Per Scan | minimum 1 year | |
| Max Lines of Code | |||
| Max Lines of Code | Lines of Code per Scan | 30,000 LoC | Unlimited |
| Number of Projects | |||
| Number of Projects | 1 Project | Multiple Projects | |
| Salesforce Languages | |||
| Salesforce Languages | Apex, VisualForce, Javascript, HTML5 |  Yes |
Yes |
| Technical Support | |||
| Technical Support |  No |
Yes |
|
| Best Fix Location | |||
| Best Fix Location | Optimal vulnerability remediation can be presented in textual or visual formats. For example, the ability to pinpoint the precise vulnerability which – if fixed – eliminates all vulnerabilities that depend on that particular code flow. | No |
Yes |
| Salesforce direct support | |||
| Salesforce direct support | for Apex scan queries and scan results | No |
Yes |
| On-Demand Scanning and Immediate Results | |||
| On-Demand Scanning and Immediate Results | Receive results immediately independent of Salesforce timelines. Full or Incremental project scan options | No |
Yes |
| Out-of-the-box integration with the most common IDE and Source Repositories. | No |
Yes |
|
| Standards Support | |||
| Standards Support | Easily and cost effectively comply with most of the major regulatory requirements and industry standards. e.g. PCI-DSS, HIPAA, etc | No |
Yes |
| Additional Supported Language Packages | |||
| Additional Supported Language Packages | Java, .Net, ASP, VB, C/C++, PHP, Ruby, JavaScript, VBScript, Perl, Android, iOS, PL/SQL, Python, Groovy and more. Included at additional cost. | No |
Yes |
| Build Process Integration | |||
| Build Process Integration | Integration into your existing SDLC; Scan automation that supports Continuous Integration Tools, Build Servers, Web Service API, Command Line Interface, Bug Tracking for early-stage scanning and Agile development environments. | No |
Yes |
| API Access | |||
| API Access | No |
Yes |
Technology | Security Tools