What users are saying about
11 Ratings
38 Ratings
11 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 7.5 out of 100
38 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.6 out of 100

Likelihood to Recommend

Checkmarx

It is well suited in cases where you wanna share reports with people that do not have a lot of knowledge in security concepts. It would help as the report has elaborate content explaining the issues and fix recommendations. If you want a SAST tool that gives fewer false positives, there are better options compared to Checkmarx. In cases where you want to do SAST scans regularly and quickly, Checkmarx may hold you back with its high count of false positives and lengthy reports.
Anonymous | TrustRadius Reviewer

SonarQube

We have a headache every time when making a new commit+push, because:
  • Check rules could be tight and motivate developers to change the source code.
  • Sonar rules insist on their own rules and no way for trade.
  • Sometimes we missed that some piece of code does not cover by the test, so we need to return to the task again
  • SonarCube + SonarLint helps us to achieve the best quality source code but takes so much time for it.
Aleksei Jegorov | TrustRadius Reviewer

Pros

Checkmarx

  • Supports a large number of languages
  • Finds a large variety of potential risks
Anonymous | TrustRadius Reviewer

SonarQube

  • Best thing about it is that it offers an online instance (SonarCloud) where we can dry run an open source project by forking a github repository
  • Provides detailed analysis of the stacks that it checks for bugs and issues in code stacks.
  • Provides a good amount of documentation on how for configuration and installation and how to use it.
  • Provides a strong integration with azure devops and jenkins for creating DSL pipelines.
Arush Soel | TrustRadius Reviewer

Cons

Checkmarx

  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.
Anonymous | TrustRadius Reviewer

SonarQube

  • SonarQube motivates us to get a big team to write these endless tests to cover everything.
  • Integration with Jira and Jenkins has some tricky moments.
  • Setup process could take a lot of time.
  • Sometimes check rules could be very strict, like 'too many parameters in constructor.'
Aleksei Jegorov | TrustRadius Reviewer

Support Rating

Checkmarx

No score
No answers yet
No answers on this topic

SonarQube

SonarQube 9.0
Based on 2 answers
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Anonymous | TrustRadius Reviewer

Alternatives Considered

Checkmarx

We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.
Anonymous | TrustRadius Reviewer

SonarQube

SonarQube is an open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty descent. Pipeline scan is more secured in SonarQube. Its a very good tool and its support multiple languages. Its main core competency is of static code analysis and that is why SonarQube exists and it does it exceedingly well. The quality of scan on code convention, best practices, coding standards, unit test coverage etc makes them one of the best competent tool in the market
Debobrata Bose | TrustRadius Reviewer

Return on Investment

Checkmarx

  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security
Anonymous | TrustRadius Reviewer

SonarQube

  • Our client is quite pleased with the demonstration of this tools
  • Our organisation is using a community edition right now but is planning to migrate to a enterprise version to use it commercially.
  • It is quite a costly tool but our organisation is willing to buy it for its enhanced features and security
Arush Soel | TrustRadius Reviewer

Pricing Details

Checkmarx

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Checkmarx Editions & Modules

Additional Pricing Details

SonarQube

General

Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
No

SonarQube Editions & Modules

Edition
CommunityFree
Developer EDITIONStarts at $1502
Enterprise EDITIONStarts at $20,0003
Data Center EDITIONStarts at $130,0004
  1. 100,000 Lines of Code
  2. 1 Million Lines of Code
  3. 20 Million Lines of Code
Additional Pricing Details

Add comparison