No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs ReversingLabs comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Checkmarx One
Ranking in Container Security
14th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd), AI Security (3rd)
ReversingLabs
Ranking in Container Security
52nd
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Application Security Tools (40th), Anti-Malware Tools (42nd), Software Composition Analysis (SCA) (25th), Threat Intelligence Platforms (TIP) (28th), Software Supply Chain Security (18th)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
TC
Forensic Lead, Global Security Fusion Center at a insurance company with 10,001+ employees
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild. Also, the solution’s object and file analysis provide us with actionable insights. Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"The most valuable feature is the consolidated information that it provides from various platforms."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"The setup is fairly easy. We didn't struggle with the process at all."
"Even if there are multiple vulnerabilities in the source coding, Checkmarx is able to identify which lines need to be corrected and then proceeds to automatically remediate the situation."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The administration in Checkmarx is very good."
"It's been a very positive experience overall."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable feature is the simple user interface."
"Providing the scanning ability that shows the errors at the source code level is critical to have effective development of any critical application."
"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
"We have complete faith that it can do that for us, and can do it at scale."
"ReversingLabs has a large sample size."
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"We had nothing in the environment to do such analysis, so it's been a savior in many ways."
"As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive."
 

Cons

"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"The cost of Qualys TotalCloud is high and could be more competitive."
"Their customer support needs improvement."
"It is an expensive solution."
"Checkmarx One is often down when the cloud provider experiences issues. A more fail-tolerant solution needs to be created."
"Presently they support micro-services, but the supporting methodology of the micro-services is not good enough at the moment."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"They can support the remaining languages that are currently not supported."
"Scanning speed optimization is an area where improvements can be made, and we can reduce false positives."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"The solution needs to improve integrations."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"TotalCloud's price is about right where I would expect it to be."
"The cost is high, but it meets our organizational needs."
"The interface used to create custom rules comes at an additional cost."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"For around 250 users or committers, the cost is approximately $500,000."
"It's relatively expensive."
"We have purchased an annual license to use this solution. The price is reasonable."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
"We have a yearly contract based on the number of queries and malicious programs which can be processed."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Construction Company
16%
Financial Services Firm
12%
Computer Software Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...
Ask a question
Earn 20 points
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
ReversingLabs Titanium, ReversingLabs secure.software
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Find out what your peers are saying about Checkmarx One vs. ReversingLabs and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.