What users are saying about

Checkmarx vs SonarQube

Checkmarx
14 Ratings
SonarQube
Top Rated
56 Ratings

Checkmarx

14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 5.4 out of 100

Based on 14 reviews and ratings

SonarQube

Top Rated
56 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.2 out of 100

Based on 56 reviews and ratings

Attribute Ratings

  • SonarQube is rated higher in 1 area: Likelihood to Recommend

Likelihood to Recommend

6.0

Checkmarx

60%
2 Ratings
8.4

SonarQube

84%
15 Ratings

Support Rating

Checkmarx

N/A
0 Ratings
9.0

SonarQube

90%
2 Ratings

Likelihood to Recommend

Checkmarx

It is well suited in cases where you wanna share reports with people that do not have a lot of knowledge in security concepts. It would help as the report has elaborate content explaining the issues and fix recommendations. If you want a SAST tool that gives fewer false positives, there are better options compared to Checkmarx. In cases where you want to do SAST scans regularly and quickly, Checkmarx may hold you back with its high count of false positives and lengthy reports.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

SonarQube

SonarQube has a friendly UI that is easy to use and understand. The admin's control panel is very good and It's not really difficult to get through the settings. Its possible to build many rules that apply for each programming language, for example, .NET, and Java. You can easily set up rules and even with the community version. It's a great tool but you have to have a good project plan before being introduced to the tools. I would recommend using the SonarQube open-source version to get used to it before purchasing the license. Before we go with an enterprise product, we have to know the terms and how things are done to run software quality

Read full review

Debobrata Bose | TrustRadius Reviewer
Debobrata Bose
View all 15 answers on this topic

Pros

Checkmarx

  • Supports a large number of languages
  • Finds a large variety of potential risks

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

SonarQube

  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights

Read full review

shaurya jain | TrustRadius Reviewer
shaurya jain
View all 15 answers on this topic

Cons

Checkmarx

  • Scan duration
  • False positives
  • Integration with other tools like Jenkins comes with some inconveniences.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

SonarQube

  • Local dashboard wont work without java installed on your machine
  • If talking about the local ui the configuration may be quite complex. Needs an experts advise
  • Its enterprise edition cost a fortune depending on a company size or users that may use it.

Read full review

Arush Soel | TrustRadius Reviewer
Arush Soel
View all 15 answers on this topic

Pricing Details

Checkmarx

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Starting Price

Checkmarx Editions & Modules

Additional Pricing Details

SonarQube

General

Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
No

Starting Price

$0

SonarQube Editions & Modules

Edition
CommunityFree
Developer EDITIONStarts at $1502
Enterprise EDITIONStarts at $20,0003
Data Center EDITIONStarts at $130,0004
  1. none
  2. 100,000 Lines of Code
  3. 1 Million Lines of Code
  4. 20 Million Lines of Code
Additional Pricing Details

Support Rating

Checkmarx

No score
No answers yet
No answers on this topic

SonarQube

SonarQube 9.0
Based on 2 answers
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

Alternatives Considered

Checkmarx

We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, developers can make a note of what should be avoided in the future. Overall, it's a great tool and would be a good investment to make.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

SonarQube

I personally evaluated klocwork in a previous company and it worked well for Static Code Analysis for C++ applications but the Java support was not as good as SonarQube. Also the overall tooling and integrations provided by SonarQube is stellar and very other competitors can provide such services and IDE integrations.The output results from SonarQube tests can be easily read, including by other services for automation purposes, and creating reports for audits or other teams is nice and easy.

Read full review

Daniel Anjos | TrustRadius Reviewer
Daniel Anjos
View all 15 answers on this topic

Return on Investment

Checkmarx

  • Improved ability to provide high level of IA confidence
  • Improved confidence in application-level security

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

SonarQube

  • Our client is quite pleased with the demonstration of this tools
  • Our organisation is using a community edition right now but is planning to migrate to a enterprise version to use it commercially.
  • It is quite a costly tool but our organisation is willing to buy it for its enhanced features and security

Read full review

Arush Soel | TrustRadius Reviewer
Arush Soel
View all 15 answers on this topic

Add comparison