What users are saying about

Checkmarx vs SonarQube

Checkmarx
8 Ratings
SonarQube
19 Ratings

Checkmarx

8 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 9.6 out of 100

Based on 8 reviews and ratings

SonarQube

19 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100

Based on 19 reviews and ratings

Likelihood to Recommend

Checkmarx

Checkmarx works really well when you actively work with it, rerunning it after change. It gets confused easily when lots of files get changes, and results in a lot of additional false positives.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 1 answers on this topic

SonarQube

SonarQube has been well suited for us when new devleopers start working on our projects. With SonarQube checking code smells and our custom coding stardards, new developers write better code with less errors as outlined by our development standards.It is also very handy to have SonarQube built right into our continuous integration process. Doing it this way results in having less worry around whether our coding standards have been followed. They are automatically applied before code is checked in.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Pros

Checkmarx

  • Supports a large number of languages
  • Finds a large variety of potential risks

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 1 answers on this topic

SonarQube

  • Core competency of static analysis. This is why SonarQube exists and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Cons

Checkmarx

  • Lots of false positives
  • Hard to integrate with CI

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 1 answers on this topic

SonarQube

  • Have a way to ignore the issues that the team decides not to fix.

Read full review

Hung Vu | TrustRadius Reviewer
Hung Vu
View all 5 answers on this topic

Support Rating

Checkmarx

No score
No answers yet
No answers on this topic

SonarQube

SonarQube 9.0
Based on 1 answer
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 1 answers on this topic

Alternatives Considered

Checkmarx

No answers on this topic

SonarQube

Gitlab, if you have the right license, ships with a static analysis tool. It integrates better with Gitlab, but didn't seem to have the same quality output that Sonarqube did. Sonarqube's community version is plenty suitable for day to day analysis operations.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Return on Investment

Checkmarx

  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 1 answers on this topic

SonarQube

  • It became easy to identify the bugs and issue generation.
  • It is open source thus saving money.
  • Enhances the code quality and standard.

Read full review

Sanyam Jain | TrustRadius Reviewer
Sanyam Jain
View all 5 answers on this topic

Pricing Details

Checkmarx

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

SonarQube

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Add comparison