No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs Cyera comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in AI Security
3rd
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Container Security (14th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd)
Cyera
Ranking in AI Security
11th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
4
Ranking in other categories
Data Loss Prevention (DLP) (9th), Data Governance (23rd), Data Security Posture Management (DSPM) (9th), AI Data Analysis (15th)
 

Mindshare comparison

As of July 2026, in the AI Security category, the mindshare of Checkmarx One is 1.5%, down from 3.5% compared to the previous year. The mindshare of Cyera is 1.4%, down from 10.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
AI Security Mindshare Distribution
ProductMindshare (%)
Checkmarx One1.5%
Cyera1.4%
Other97.1%
AI Security
 

Featured Reviews

Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
reviewer2795301 - PeerSpot reviewer
Vice President, Compliance at a manufacturing company with 1-10 employees
Data discovery has accelerated and now drives faster classification and compliance mapping
The best features Cyera offers include agentless discovery and sampling as well as AI ML-based classifications. I find myself relying on the sampling the most, which makes everything really fast, but also the auto-classification and ML-based functionalities. The main thing that stands out to me and my team about the features is the speed of integration and how fast it does the discovery on the data. Once it discovers the data, it also maps it back to a ton of compliance frameworks and best practices that I can use to operationalize. Cyera has positively impacted my organization by allowing me to identify the highest risk areas but also provide better classification of data, which then leads to better data pillar maturity. Cyera has accomplished all three outcomes: saving time, reducing risk, and improving compliance scores, as the speed at which it discovers data was significantly faster.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile, and if the code has dependencies or build errors the scan fails, while with Checkmarx pre-compile scanning is seamless and allows us to scan more code."
"The main thing we find valuable about Checkmarx is the ease of use, as it's easy to initiate scans and triage defects."
"Vulnerability details is valuable."
"We have used this product to verify the dev department's code in order to minimize security holes."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It is a stable product."
"Cyera has positively impacted my organization by allowing me to identify the highest risk areas but also provide better classification of data, which then leads to better data pillar maturity."
"Cyera has an inbuilt set of policies implemented towards data security, especially cohering with Data Security Posture Management (DSPM)."
"The data discovery, data classification, and CSPM features are most valuable."
"I like how they model the data. They find data in different places that we didn't know, and they can give us a good idea if it's sensitive or not. They understand whether or not something is in the right region because, with the cloud posture management tool, we could see certain things in the infrastructure, but the way they dig into the data is what we like."
 

Cons

"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"We felt like we were the extended quality organization for Checkmarx as they frequently released poor quality patches that broke the existing functionality."
"Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context."
"Presently they support micro-services, but the supporting methodology of the micro-services is not good enough at the moment."
"I would like to see the tool’s pricing improved."
"I would like to see the DAST solution in the future."
"They need to add a few things in the UI from an enterprise perspective. It's more along the lines of being able to self-service, have integrations, build alerts, and things like that. Outside of that, they work with us on the API and getting alerts into our SIEM and things like that. There's always a way to do something, and they're always available, which is nice."
"As a startup company, there is a long way for them to go in terms of scalability."
"The licensing initially was tricky because it is based on storage as well as user count."
"There is room for improvement in making Cyera more user-friendly. Some parts were difficult to navigate, especially for those new to the IT industry."
 

Pricing and Cost Advice

"It is a good product but a little overpriced."
"The tool's pricing is fine."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"We have purchased an annual license to use this solution. The price is reasonable."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"I don't know how much exactly it costs, but I know that it's a yearly thing. It's something that will cost money for any company because they're storing all this information. They're doing all this machine learning, and there are a lot of services on their backend that they got to pay for. I'm sure it gets translated back to the customers unless you have everything completely on-prem. If you're not doing much in the cloud, then I could see how it'd be cheaper, but if you have anything that's cloud-hosted and does all the work for you, there's going to be a cost associated with it."
"Compared to the competitors, they are very reasonable."
report
Use our free recommendation engine to learn which AI Security solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Financial Services Firm
15%
Manufacturing Company
11%
Healthcare Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additional applications and users. I advise negotiating multi-year contracts or bundle...
What is your experience regarding pricing and costs for Cyera ?
My experience with pricing, setup cost, and licensing for Cyera was that the licensing initially was tricky because it is based on storage as well as user count. I use Cyera to actually identify ho...
What needs improvement with Cyera ?
I think the area for improvement in Cyera is probably around integration, particularly with other platforms and third-party tools. For example, I see some integration areas with leading DLP solutio...
What is your primary use case for Cyera ?
My main use case for Cyera includes data visibility, data tagging, data classification, AI assessments, and policy governance, risk, and compliance policy. For data classification, I import structu...
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Cyera's customers include the Chicago Board of Options Exchange (Cboe), Granicus, Takeda, LifeLabs, United Talent Agency, ACV Auctions, and Armis
Find out what your peers are saying about Checkmarx One vs. Cyera and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.