What users are saying about
8 Ratings
19 Ratings
8 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 9.6 out of 100
19 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100

Likelihood to Recommend

Checkmarx

Checkmarx works really well when you actively work with it, rerunning it after change. It gets confused easily when lots of files get changes, and results in a lot of additional false positives.
Anonymous | TrustRadius Reviewer

SonarQube

SonarQube has been well suited for us when new devleopers start working on our projects. With SonarQube checking code smells and our custom coding stardards, new developers write better code with less errors as outlined by our development standards.It is also very handy to have SonarQube built right into our continuous integration process. Doing it this way results in having less worry around whether our coding standards have been followed. They are automatically applied before code is checked in.
Anonymous | TrustRadius Reviewer

Pros

Checkmarx

  • Supports a large number of languages
  • Finds a large variety of potential risks
Anonymous | TrustRadius Reviewer

SonarQube

  • Core competency of static analysis. This is why SonarQube exists and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.
Anonymous | TrustRadius Reviewer

Cons

Checkmarx

  • Lots of false positives
  • Hard to integrate with CI
Anonymous | TrustRadius Reviewer

SonarQube

  • Have a way to ignore the issues that the team decides not to fix.
Hung Vu | TrustRadius Reviewer

Support Rating

Checkmarx

No score
No answers yet
No answers on this topic

SonarQube

SonarQube 9.0
Based on 1 answer
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Anonymous | TrustRadius Reviewer

Alternatives Considered

Checkmarx

No answers on this topic

SonarQube

Gitlab, if you have the right license, ships with a static analysis tool. It integrates better with Gitlab, but didn't seem to have the same quality output that Sonarqube did. Sonarqube's community version is plenty suitable for day to day analysis operations.
Anonymous | TrustRadius Reviewer

Return on Investment

Checkmarx

  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security
Anonymous | TrustRadius Reviewer

SonarQube

  • It became easy to identify the bugs and issue generation.
  • It is open source thus saving money.
  • Enhances the code quality and standard.
Sanyam Jain | TrustRadius Reviewer

Pricing Details

Checkmarx

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

SonarQube

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Add comparison