Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs IBM Guardium Vulnerability Assessment comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
18th
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (2nd)
Checkmarx One
Ranking in Vulnerability Management
24th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
IBM Guardium Vulnerability ...
Ranking in Vulnerability Management
45th
Average Rating
6.0
Reviews Sentiment
8.1
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.8%, up from 0.0% compared to the previous year. The mindshare of Checkmarx One is 0.8%, up from 0.4% compared to the previous year. The mindshare of IBM Guardium Vulnerability Assessment is 0.5%, down from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
SL
Improvements sought in database optimization while benefiting from robust security monitoring
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible because it does not include the application user ID. It only includes the database user ID. To identify risky users, it does not support end users, so IBM must incorporate this feature into the built-in analytical engine of the Guardium. There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible. When you make a query in a MySQL database, it takes too much time to respond. IBM should replace this MySQL database with a more powerful internal database for the logging mechanism so that Guardium can collect logging data flexibly and ensure optimization. My overall experience with Guardium is good. The only problem is that IBM must replace the internal DB, MySQL, with a more powerful enterprise-level database because enterprises use it at an enterprise level, and MySQL does not support optimally.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"We saw benefits from Zafran Security almost immediately after deploying it."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"Both automatic and manual code review (CxQL) are valuable."
"The solution communicates where to fix the issue for the purpose of less iterations."
"Less false positive errors as compared to any other solution."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The most valuable feature is that it provides a simple English recommendation on actions that you need to take once a vulnerability is discovered."
"The Vulnerability Assessment feature is quite stable and helps identify numerous vulnerabilities in databases."
"The reporting features are good and there are many built-in reports that can be quickly configured."
"It helped with some of the regulatory requirements. It also helped with some of the security analytics and analysis. It was worthwhile from that perspective."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"Implementing a blackout time for any user or teams: Needs improvement."
"If it is a very large code base then we have a problem where we cannot scan it."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Some were valid and some were not applicable for us based on the scenario."
"I can't create a business case with multiple-factor authentication."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Micro-services need to be included in the next release."
"It was not as easy to use. The user-friendliness of it was somewhat lower than what I was expecting. It was also lacking in terms of the ease of the setup. There should be an automatic agent for deployment."
"There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible."
"Building policies is not that easy. There are some things that are turned off by default, for example, displaying values."
"The interface could be improved by having sub-groups of tests, ultimately making the process of collecting tests faster."
 

Pricing and Cost Advice

Information not available
"For around 250 users or committers, the cost is approximately $500,000."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"It's relatively expensive."
"The solution is costly."
"The interface used to create custom rules comes at an additional cost."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"One thing not advantageous for it was that it was a little bit more expensive. I would rate it one out of five in terms of pricing."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
862,452 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
7%
Healthcare Company
6%
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Financial Services Firm
39%
Computer Software Company
8%
Insurance Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
The current pricing of Zafran Security is fair overall. They were good to work with to accommodate our organization w...
What needs improvement with Zafran Security?
The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvement...
What is your primary use case for Zafran Security?
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt reme...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What needs improvement with IBM Guardium Vulnerability Assessment?
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible beca...
What is your primary use case for IBM Guardium Vulnerability Assessment?
We are still using IBM Guardium Vulnerability Assessment. We only use IBM Guardium Data Protection and monitoring, da...
What advice do you have for others considering IBM Guardium Vulnerability Assessment?
We do not use IBM Guardium Vulnerability Assessment for data encryption or any other tool for analytics, or identity ...
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. IBM Guardium Vulnerability Assessment and other solutions. Updated: July 2025.
862,452 professionals have used our research since 2012.