Try our new research platform with insights from 80,000+ expert users

Automox vs Checkmarx One comparison

Automox and Checkmarx are both solutions in the Vulnerability Management category. Automox is ranked #34 with an average rating of 10.0, while Checkmarx is ranked #16 with an average rating of 8.2. Automox holds a 0.5% mindshare in VM, compared to Checkmarx’s 1.3% mindshare. Additionally, 100% of Automox users are willing to recommend the solution, compared to 88% of Checkmarx users who would recommend it.
Sponsored
Zafran Security
Read 6 Zafran Security reviews
  • 3,470 Views
  • 2,533 Comparison Views
100% willing to recommend
Automox
Read 11 Automox reviews
  • 1,949 Views
  • 682 Comparison Views
100% willing to recommend
Checkmarx One
Read 81 Checkmarx One reviews
  • 17,957 Views
  • 1,437 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 9, 2024

Checkmarx One and Automox are cybersecurity solutions that protect different IT infrastructure aspects. Automox has the upper hand due to its robust features, despite Checkmarx One's favorable pricing and support satisfaction.

Features: Checkmarx One provides software security testing capabilities, including static and dynamic application security testing, identifying vulnerabilities, and offering code review tools. Automox offers endpoint management features, such as patch management, configuration enforcement, and security policy compliance, providing a broader endpoint protection suite.

Room for Improvement: Checkmarx One can improve in terms of initial setup complexity, integration with existing systems, and expanding real-time monitoring features. Automox could enhance advanced threat detection, multi-platform support, and reporting capabilities to provide more comprehensive insights.

Ease of Deployment and Customer Service: Automox's cloud-native platform allows quick deployment with minimal infrastructure needs, supported by strong customer service. Checkmarx One also offers cloud-based deployment but may require more intricate setup due to its sophisticated testing suite, although support is well-regarded.

Pricing and ROI: Checkmarx One generally offers competitive pricing, seen as favorable relative to setup costs. The return on investment is more evident with Automox due to its efficient endpoint management and automation capabilities. Despite higher pricing, Automox’s ROI is justified, especially for organizations prioritizing endpoint security and compliance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Automox vs. Checkmarx One Report (Updated: December 2025).
Buyer's Guide
Automox vs. Checkmarx One
December 2025
Download the complete report
Helped 881,114 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
18th
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (3rd)
Automox
Ranking in Vulnerability Management
34th
Average Rating
9.0
Reviews Sentiment
2.4
Number of Reviews
11
Ranking in other categories
Endpoint Protection Platform (EPP) (39th), Enterprise Mobility Management (EMM) (12th), Patch Management (13th)
Checkmarx One
Ranking in Vulnerability Management
16th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (15th), Static Code Analysis (2nd), API Security (3rd), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (3rd), Risk-Based Vulnerability Management (8th), Application Security Posture Management (ASPM) (3rd), AI Security (2nd)
 

Mindshare comparison

As of January 2026, in the Vulnerability Management category, the mindshare of Zafran Security is 1.1%, up from 0.2% compared to the previous year. The mindshare of Automox is 0.5%, down from 0.7% compared to the previous year. The mindshare of Checkmarx One is 1.3%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Market Share Distribution
ProductMarket Share (%)
Checkmarx One1.3%
Zafran Security1.1%
Automox0.5%
Other97.1%
Vulnerability Management
 

Featured Reviews

Reviewer6233 - PeerSpot reviewer
Reviewer6233
Works at a healthcare company with 10,001+ employees
Has become an indispensable tool in our cybersecurity arsenal
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even greater value. One key area for enhancement is the searching capabilities within its vulnerabilities module. By incorporating the ability to create Boolean searches, users would gain the ability to apply more complex filters and customize their search criteria. This would greatly enhance the precision and efficiency with which security teams can identify and prioritize vulnerabilities. Having such tailored search capabilities would save time and resources by narrowing down vast lists of vulnerabilities to those that meet specific parameters relevant to our unique risk environment. Additionally, integrating more robust reporting and visualization tools would be advantageous. Enhanced dashboards that offer customizable visual representations of risk configurations and threat landscapes would facilitate better communication with stakeholders, making it easier to explain vulnerabilities and the rationale behind certain security measures. This would also aid in demonstrating the improvements and value derived from existing security investments to leadership and non-technical team members.
Read full review
RA
Robert Araya
Network & Security Administrator at a legal firm with 51-200 employees
Provides real-time application updates with exceptional support
Some of the better features with Automox include its nice GUI, which looks intuitive, and it doesn't have a huge learning curve. Automox's real-time visibility and control through its intuitive dashboard is important for our response to emerging threats because it tells us which applications need to be updated on a real-time basis.
Read full review
Shahzad Shahzad - PeerSpot reviewer
Shahzad Shahzad
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"With Zafran Security, it integrates with your security controls, allowing you to take that risk score and reduce it based on the controls in place or increase the risk based on different factors, such as if the issue is internet reachable or if there's an exploit in the wild."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"We saw benefits from Zafran Security almost immediately after deploying it."
"It's easy to deploy agents to endpoints."
"Among the most valuable features are its ease of use and the Worklets. Both of them are time-savers. Worklets enable us to customize things for a given environment. It's something like when Apple lets other people create applications. Other peoples' Worklets can be used in our environment and in our customers' environments. That saves a lot of time, and it's really cool."
"Previously, we would run a report, scan it, and compare it. We were spending 15 to 30 minutes a month on each machine on this stuff because you would find stuff that wasn't up to date, then you had to fix it. This solution takes that time down to minutes. Automox saves us easily many hours a month."
"The biggest improvement to our organization involves the reduction in its man hours... We've probably saved hundreds of hours."
"Automox's real-time visibility and control through its intuitive dashboard is important for our response to emerging threats because it tells us which applications need to be updated on a real-time basis."
"Its flexibility is most valuable."
"It's super easy to use and we haven't found anything easier."
"They've been adding some new features lately, which I'm not nearly as familiar with, but the ability to just deploy patches and exempt certain machines from certain patches is helpful. For instance, for our servers, we may not want to roll out zero-day patches. We are able to exempt those and make sure that they don't get those policies. We've got certain servers that have to run a particular version of Java, and being able to exempt those servers from receiving Java updates is pretty fantastic."
More Automox pros
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"Apart from software scanning, software composition scanning is valuable."
"The value you can get out of the speedy production may be worth the price tag."
"One of the most valuable features is it is flexible."
"Vulnerability details is valuable."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The administration in Checkmarx is very good."
More Checkmarx One pros
 

Cons

"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"There should be better inventory capabilities. Right now, they only allow you to have insight into software out-of-the-box. It would be nice to also extend that into custom inventory that can be modified and managed by the practitioner."
"It should have integrated workstation access. So, there should be a remote desktop feature."
"We would like to see additional detailed reporting for Service providers like us. We had to build our own reports via their APIs to meet our needs."
"When we bring on a new client, we need to go into that client and manually set up my account, my chief engineer's account, three technicians' accounts, and a billing person's account all over again, which is annoying. We have probably up to 15 or 16 of our clients on Automox now. For every single one of those, we have had to go in and set this up. Then, if anything changes, we have to remember to go to Automox and change it 15 or 16 times. So, we just want inheritable permissions, and that is it. We have talked to them about this, and they are like, "Yeah, we hear a lot of complaints about it." I am thinking, "Guys, I have been complaining about this for a year and a half. When are you going to do it?" It must be some tricky thing or not an easy fix, because I can only assume if it were easy, then they would have done it by now."
"As concerns the patching concepts, there's a bit of a learning curve in terms of working out how Automox wants you to work within the console, not only splitting up everything into groups, but then having the various policies assigned."
"The biggest area they need to fix, without a doubt, is the ability to copy and sync profiles and worklets between all of the organizations you manage, and the ability to have top-level user access control across all of the companies that you manage."
"The only thing that we've ever truly wanted is an onsite repository. Currently, all updates are provided directly from the internet. So, if you have 1,000 devices, all 1,000 devices go directly out to the internet. We would love the option of being able to put the updates on local storage so that we're not consuming as much bandwidth. That is literally the only thing that we've ever wanted."
"The stability has come a long way from what it was like when it started and now it's really good."
More Automox cons
"The integration could improve by including, for example, DevSecOps."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx is not good because it has too many false positive issues."
"Implementing a blackout time for any user or teams: Needs improvement."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the rate of false positives reduced."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
More Checkmarx One cons
 

Pricing and Cost Advice

Information not available
"Automox just charges us a set amount per user, per month, for using the product. That is very important to us. Because it's a cloud-native solution, you're saving on the cost of hosting an on-premises solution on your servers."
"The cost is very reasonable compared to the competition."
"The pricing and licensing costs have been great for us... My advice to others who are evaluating or thinking of implementing Automox is to give it a shot. If a free trial is still available, definitely use it, because it makes life a lot easier."
"Its licensing for a year was nine grand. There was no additional fee."
"The product is a great value."
"There are no additional costs in addition to the extended licensing fees with Automox. You get your support and your per endpoint license with what you purchased."
"We're doing it annually directly through Automox. It is per endpoint. It is $2 and some change per endpoint, but I believe the cost is right around $28,000. Everything is covered in this fee."
"We are on the premium licensing, which is the one that has the API capability that we use."
More Automox pricing and cost advice
"It's relatively expensive."
"The solution is costly."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"It is the right price for quality delivery."
"For around 250 users or committers, the cost is approximately $500,000."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
More Checkmarx One pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
881,114 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Manufacturing Company
8%
Computer Software Company
8%
Outsourcing Company
6%
Government
9%
Computer Software Company
8%
Manufacturing Company
7%
Financial Services Firm
6%
Financial Services Firm
18%
Manufacturing Company
10%
Computer Software Company
10%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise3
Large Enterprise1
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Since we stood Zafran Security up in our private cloud, we handle the maintenance on our side. As we opted not to use...
See all answers
What needs improvement with Zafran Security?
In terms of areas for improvement, Zafran Security is doing a really great job as a new and emerging company. Oftenti...
See all answers
What is your primary use case for Zafran Security?
My use cases for Zafran Security revolve around two primary areas. One is around vulnerability management and priorit...
See all answers
What needs improvement with Automox?
I wouldn't be able to tell you how Automox can be improved; it seems to work very nicely already.
See all answers
What is your primary use case for Automox?
We use Automox to maintain the software on all our computers. We were using Qualys before and we're still using it, b...
See all answers
What advice do you have for others considering Automox?
Since switching over from Qualys, we have seen no positive impacts for our organization other than being able to upda...
See all answers
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...
See all answers
 

Comparisons

Wiz Code vs Zafran Security Logo
Wiz Code vs Zafran Security
Compared 24% of the time
Tenable Vulnerability Management vs Zafran Security Logo
Tenable Vulnerability Management vs Zafran Security
Compared 10% of the time
Vulcan Cyber vs Zafran Security Logo
Vulcan Cyber vs Zafran Security
Compared 10% of the time
Nucleus vs Zafran Security Logo
Nucleus vs Zafran Security
Compared 8% of the time
Qualys VMDR vs Zafran Security Logo
Qualys VMDR vs Zafran Security
Compared 6% of the time
More Zafran Security Competitors
Microsoft Intune vs Automox Logo
Microsoft Intune vs Automox
Compared 13% of the time
NinjaOne vs Automox Logo
NinjaOne vs Automox
Compared 12% of the time
Tanium vs Automox Logo
Tanium vs Automox
Compared 10% of the time
Microsoft Configuration Manager vs Automox Logo
Microsoft Configuration Manager vs Automox
Compared 8% of the time
Microsoft Windows Server Update Services vs Automox Logo
Microsoft Windows Server Update Services vs Automox
Compared 8% of the time
More Automox Competitors
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 48% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 5% of the time
Checkmarx SAST vs Checkmarx One Logo
Checkmarx SAST vs Checkmarx One
Compared 4% of the time
OpenText Core Application Security vs Checkmarx One Logo
OpenText Core Application Security vs Checkmarx One
Compared 3% of the time
OWASP Zap vs Checkmarx One Logo
OWASP Zap vs Checkmarx One
Compared 2% of the time
More Checkmarx One Competitors
 

Product Reports

Buyer's Guide
Zafran Security
January 2026
Zafran Security reportDownload Zafran Security product report
Buyer's Guide
Automox
January 2026
Automox reportDownload Automox product report
Buyer's Guide
Checkmarx One
January 2026
Checkmarx One reportDownload Checkmarx One product report
 

Overview

Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.

Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your hybrid cloud security by normalizing vulnerability signals and integrating specific IT context data, such as CVE runtime presence and internet asset reachability, into its analysis. No longer reliant on patch windows, Zafran Security allows you to manage risks actively.

What are the key features of Zafran Security?

  • Threat Exposure Management: Utilizes existing tools to prioritize vulnerabilities and manage threats.
  • Integrative Analysis: Combines security data with IT context for precise vulnerability management.
  • Real-time Risk Reduction: Enables immediate risk management without waiting for patches.
  • Hybrid Cloud Compatibility: Functions across diverse cloud environments for comprehensive security.

What benefits can users expect from Zafran Security?

  • Improved Security: Enhances protection by efficiently identifying and mitigating risks.
  • Cost Efficiency: Reduces unnecessary patching expenses by confirming non-exploitable vulnerabilities.
  • Time Savings: Frees developers to focus on root causes by handling immediate threats.
  • Comprehensive Insight: Offers a holistic view of security threats and vulnerabilities.

In industries where security is paramount, such as finance and healthcare, Zafran Security provides invaluable protection by ensuring that only exploitable vulnerabilities are addressed. It allows entities to maintain robust security measures while allocating resources efficiently, fitting seamlessly into existing security strategies.

Zafran Security

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Automox

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx
 

Sample Customers

Information Not Available
Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Buyer's Guide
Automox vs. Checkmarx One
December 2025
Free Report: Automox vs. Checkmarx One
Find out what your peers are saying about Automox vs. Checkmarx One and other solutions. Updated: December 2025.
DOWNLOAD NOW
881,114 professionals have used our research since 2012.
See our Automox vs. Checkmarx One report.
See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.