Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

Sentiment score
7.4
Checkmarx One's support is generally rated positively for knowledgeability and quick responses, despite occasional delays and unresolved issues.
Sentiment score
10.0
SonarQube Cloud's customer service receives mixed reviews, highlighting prompt responses but also noting delays and technical support gaps.
 

Room For Improvement

Sentiment score
4.7
Checkmarx One needs better accuracy, language support, integration, flexibility, UI customization, documentation, dynamic testing, and API security features.
Sentiment score
2.4
SonarQube Cloud requires better testing, reporting, and documentation enhancements for improved user experience and satisfaction.
 

Scalability Issues

Sentiment score
7.3
Checkmarx One is favored for its scalability and efficiency, though licensing and resource challenges are sometimes noted.
Sentiment score
8.0
SonarQube Cloud scales effectively, supporting enterprise expansion with high user satisfaction and no major scalability issues across projects.
 

Setup Cost

Sentiment score
6.4
Checkmarx One is costly but valued for its robust security, despite complexity in setup and licensing options.
No sentiment score available
Enterprise users find SonarQube Cloud pricing reasonable, with varying opinions due to cost changes and feature inclusions in packages.
 

Stability Issues

Sentiment score
7.2
Checkmarx One is stable for most, but large codebase handling can cause crashes, memory issues, and configuration dependence.
Sentiment score
6.8
SonarQube Cloud is stable and dependable, though it requires better documentation, integration support, and improvements for untrained users.
 

Valuable Features

Sentiment score
8.4
Checkmarx One enhances secure coding with user-friendly interface, automation, and multi-language support, making it ideal for developers.
Sentiment score
7.8
SonarQube Cloud excels in vulnerability discovery, security feedback, and integration, ideal for startups, with recent mono report enhancements.
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
7.1
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 12.8%, down from 13.8% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.
Diego Moreo - PeerSpot reviewer
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
816,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: October 2024.
816,406 professionals have used our research since 2012.