Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs IBM Guardium Vulnerability Assessment comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
16th
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (1st)
Checkmarx One
Ranking in Vulnerability Management
23rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (22nd), Static Code Analysis (3rd), API Security (5th), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
IBM Guardium Vulnerability ...
Ranking in Vulnerability Management
46th
Average Rating
6.0
Reviews Sentiment
8.1
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of September 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 1.0%, up from 0.1% compared to the previous year. The mindshare of Checkmarx One is 0.9%, up from 0.4% compared to the previous year. The mindshare of IBM Guardium Vulnerability Assessment is 0.5%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Market Share Distribution
ProductMarket Share (%)
Zafran Security1.0%
Checkmarx One0.9%
IBM Guardium Vulnerability Assessment0.5%
Other97.6%
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
SL
Improvements sought in database optimization while benefiting from robust security monitoring
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible because it does not include the application user ID. It only includes the database user ID. To identify risky users, it does not support end users, so IBM must incorporate this feature into the built-in analytical engine of the Guardium. There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible. When you make a query in a MySQL database, it takes too much time to respond. IBM should replace this MySQL database with a more powerful internal database for the logging mechanism so that Guardium can collect logging data flexibly and ensure optimization. My overall experience with Guardium is good. The only problem is that IBM must replace the internal DB, MySQL, with a more powerful enterprise-level database because enterprises use it at an enterprise level, and MySQL does not support optimally.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We saw benefits from Zafran Security almost immediately after deploying it."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"The setup is fairly easy. We didn't struggle with the process at all."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The UI is very intuitive and simple to use."
"The solution is scalable, but other solutions are better."
"The solution allows us to create custom rules for code checks."
"Helps us check vulnerabilities in our SAP Fiori application."
"The SAST component was absolutely 100% stable."
"The reporting features are good and there are many built-in reports that can be quickly configured."
"The most valuable feature is that it provides a simple English recommendation on actions that you need to take once a vulnerability is discovered."
"The Vulnerability Assessment feature is quite stable and helps identify numerous vulnerabilities in databases."
"It helped with some of the regulatory requirements. It also helped with some of the security analytics and analysis. It was worthwhile from that perspective."
 

Cons

"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Checkmarx could be improved with more integration with third-party software."
"Checkmarx is not good because it has too many false positive issues."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"Some were valid and some were not applicable for us based on the scenario."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"The pricing can get a bit expensive, depending on the company's size."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"The interface could be improved by having sub-groups of tests, ultimately making the process of collecting tests faster."
"Building policies is not that easy. There are some things that are turned off by default, for example, displaying values."
"There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible."
"It was not as easy to use. The user-friendliness of it was somewhat lower than what I was expecting. It was also lacking in terms of the ease of the setup. There should be an automatic agent for deployment."
 

Pricing and Cost Advice

Information not available
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is an expensive solution."
"We have purchased an annual license to use this solution. The price is reasonable."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"For around 250 users or committers, the cost is approximately $500,000."
"One thing not advantageous for it was that it was a little bit more expensive. I would rate it one out of five in terms of pricing."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
867,676 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
7%
Government
6%
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Financial Services Firm
37%
Manufacturing Company
7%
Insurance Company
7%
Computer Software Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise9
Large Enterprise38
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Since we stood Zafran Security up in our private cloud, we handle the maintenance on our side. As we opted not to use...
What needs improvement with Zafran Security?
In terms of areas for improvement, Zafran Security is doing a really great job as a new and emerging company. Oftenti...
What is your primary use case for Zafran Security?
My use cases for Zafran Security revolve around two primary areas. One is around vulnerability management and priorit...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What needs improvement with IBM Guardium Vulnerability Assessment?
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible beca...
What is your primary use case for IBM Guardium Vulnerability Assessment?
We are still using IBM Guardium Vulnerability Assessment. We only use IBM Guardium Data Protection and monitoring, da...
What advice do you have for others considering IBM Guardium Vulnerability Assessment?
We do not use IBM Guardium Vulnerability Assessment for data encryption or any other tool for analytics, or identity ...
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. IBM Guardium Vulnerability Assessment and other solutions. Updated: September 2025.
867,676 professionals have used our research since 2012.