Checkmarx One and SonarQube Cloud are both key players in the code analysis category. Checkmarx One seems to have the upper hand with its extensive security features and comprehensive scanning capabilities despite higher costs.
Features: Checkmarx One offers robust security features, supports a wide range of modern programming languages, and allows vulnerability identification without code compilation. SonarQube Cloud provides excellent code quality analysis, ensures quick improvement with seamless CI/CD integration, and features a user-friendly interface.
Room for Improvement: Checkmarx One could improve role management, reduce false positives, and enhance platform integration and support for various frameworks. SonarQube Cloud needs better false positive management, more customization and reporting features, and improved configuration processes.
Ease of Deployment and Customer Service: Checkmarx One offers flexible deployment options, including on-premises, private, hybrid, and public clouds. It receives varied feedback on customer support, which is generally responsive but sometimes slow. SonarQube Cloud simplifies deployment with public cloud support and receives praise for its good customer service.
Pricing and ROI: Checkmarx One is priced higher, justified by its comprehensive security features giving good ROI despite the complex licensing model. SonarQube Cloud offers a cost-effective pricing model based on lines of code, suitable for smaller projects, providing substantial market value and quicker secure application delivery.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC.
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for better documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to produce detailed reporting, and external tools are needed for comprehensive analysis. Better notifications for larger teams during serious issues and smoother integration of new features are also cited as areas for improvement.
What are the key features of SonarQube Cloud?

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.