We performed a comparison between Checkmarx One and CodeSonar based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Helps us check vulnerabilities in our SAP Fiori application."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The best thing about Checkmarx is the number of vulnerabilities that it can find compared to other free tools."
"Scan reviews can occur during the development lifecycle."
"The solution allows us to create custom rules for code checks."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"It has been able to scale."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The tool is very good for detecting memory leaks."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"There is nice functionality for code surfing and browsing."
"CodeSonar’s most valuable feature is finding security threats."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Updating and debugging of queries is not very convenient."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"It is an expensive solution."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"The scanning tool for core architecture could be improved."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"It was expensive."
"There could be a shared licensing model for the users."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while CodeSonar is ranked 21st in Application Security Tools with 7 reviews. Checkmarx One is rated 7.6, while CodeSonar is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas CodeSonar is most compared with SonarQube, Coverity, Klocwork, Polyspace Code Prover and Semgrep Code. See our Checkmarx One vs. CodeSonar report.
See our list of best Application Security Tools vendors and best Static Code Analysis vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.