Checkmarx One vs SonarCloud comparison

Checkmarx One
Read 67 Checkmarx One reviews
  • 31,565 Views
  • 20,243 Comparison Views
86% willing to recommend
SonarCloud
Read 10 SonarCloud reviews
  • 10,608 Views
  • 8,057 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx One and SonarCloud based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx One vs. SonarCloud Report (Updated: May 2024).
Buyer's Guide
Checkmarx One vs. SonarCloud
May 2024
Download the complete report
Helped 787,061 peers since 2012
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Number of Reviews
67
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
SonarCloud
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.4
Number of Reviews
10
Ranking in other categories
No ranking in other categories
 

Market share comparison

As of June 2024, in the Static Application Security Testing (SAST) category, the market share of Checkmarx One is 10.2% and it decreased by 20.5% compared to the previous year. The market share of SonarCloud is 11.5% and it increased by 37.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
Unique Categories:
Application Security Tools
13.2%
Vulnerability Management
1.3%
No other categories found
 

Featured Reviews

Rahul Mane - PeerSpot reviewer
Feb 19, 2023
A highly recommended tool for delivering secure products
We use the solution for SAST and DAST testing Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes.…
Read full review
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
A comprehensive code quality management offering all-in-one functionality, including static code analysis, security assessments, and code optimization, while providing valuable insights for developers
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could use improvement in providing clearer instructions. I found myself needing to engage with support multiple times to navigate through certain aspects. Additionally, it would be beneficial if it could streamline the integration process for new features. Enhancing documentation on how to integrate these features seamlessly would go a long way in improving user experience. The introduction of an auto-commit functionality would be a valuable addition. Some other tools offer this feature, allowing for the automatic creation of pull requests to address identified issues. This functionality significantly reduces the manual effort required.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The SAST component was absolutely 100% stable."
"The solution is scalable, but other solutions are better."
"The setup is fairly easy. We didn't struggle with the process at all."
"The value you can get out of the speedy production may be worth the price tag."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Both automatic and manual code review (CxQL) are valuable."
More Checkmarx One pros
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"For what it is meant to do, it works pretty well."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The reports from SonarCloud are very good."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The most valuable feature of SonarCloud is its overall performance."
More SonarCloud pros
 

Cons

"Checkmarx needs to be more scalable for large enterprise companies."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The integration could improve by including, for example, DevSecOps."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Checkmarx could improve the speed of the scans."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
More Checkmarx One cons
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"The solution needs to improve its customization and flexibility."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"It would be helpful if notifications could go out to an extra person."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
More SonarCloud cons
 

Pricing and Cost Advice

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The number of users and coverage for languages will have an impact on the cost of the license."
"It's relatively expensive."
"It is a good product but a little overpriced."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"The solution's price is high and you pay based on the number of users."
"It is an expensive solution."
"It is the right price for quality delivery."
More Checkmarx One pricing and cost advice
"I am using the free version of the solution."
"The current pricing is quite cheap."
"While not extremely cheap, it aligns well with market standards and offers good value."
"I rate the pricing a five out of ten."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
5%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
9%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.
See all answers
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
See all answers
What is your experience regarding pricing and costs for SonarCloud?
I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pa...
See all answers
What needs improvement with SonarCloud?
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation coul...
See all answers
 

Comparisons

SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 52% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 13% of the time
Fortify on Demand vs Checkmarx One Logo
Fortify on Demand vs Checkmarx One
Compared 6% of the time
Snyk vs Checkmarx One Logo
Snyk vs Checkmarx One
Compared 4% of the time
HCL AppScan vs Checkmarx One Logo
HCL AppScan vs Checkmarx One
Compared 1% of the time
More Checkmarx One Competitors
SonarQube vs SonarCloud Logo
SonarQube vs SonarCloud
Compared 78% of the time
Veracode vs SonarCloud Logo
Veracode vs SonarCloud
Compared 7% of the time
GitLab vs SonarCloud Logo
GitLab vs SonarCloud
Compared 3% of the time
OWASP Zap vs SonarCloud Logo
OWASP Zap vs SonarCloud
Compared 2% of the time
Coverity vs SonarCloud Logo
Coverity vs SonarCloud
Compared 2% of the time
More SonarCloud Competitors
 

Product Reports

Buyer's Guide
Checkmarx One
June 2024
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
SonarCloud
May 2024
SonarCloud reportDownload SonarCloud product report
 

Learn More

Checkmarx
Sonar
 

Interactive Demo

Demo not available
Checkmarx
Sonar
 

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Buyer's Guide
Checkmarx One vs. SonarCloud
May 2024
Free Report: Checkmarx One vs. SonarCloud
Find out what your peers are saying about Checkmarx One vs. SonarCloud and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,061 professionals have used our research since 2012.
See our Checkmarx One vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.