What is the biggest difference between Checkmarx and SonarQube?

Checkmarx One and SonarQube Server are leading code analysis tools in the software security market. SonarQube holds the upper hand in affordability with its open-source version, while Checkmarx is preferred for its extensive security features.Features: Checkmarx One offers robust security features, including precompiled and compiled code scanning, integration with key repositories, and fewer false positives. SonarQube Server provides customizable quality gates, comprehensive support for...

Download Checkmarx One vs. SonarQube Server (formerly SonarQube) comparison Report Read more

Related Q&As

May 23, 2023

What are the differences between SonarQube and CAST AIP?

May 16, 2023

Which software is ideal for code quality and security?

Elina Petrovna Professor at BitBrainery University · Answer 1 · 2020-02-04T15:01:32Z

SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is not enough. If you are focused on Secure Coding, Checkmarx is much better. Most of the enterprise customers use to work with CheckMarx and SonarQube (free version) together in order to detect Security and Quality/Best Practices Issues.

Curtis Yanko DevSecOps Evangelist & Coach at Shiftleft · Answer 2 · 2021-03-02T13:53:29Z

I’ve always viewed sonarqube as a code quality tool that compliments many code security tools like a checkmarx.

ManojKumar9 Systems Analyst at Thrivent Financial for Lutherans · Answer 3 · 2020-02-04T17:46:54Z

The major difference I have seen between Checkmarx and SonarQube is :

CheckMarx support: Supports a large number of languages and finds a large variety of potential risks.

Apart from this, I don't see any big differences.