Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Orca Security comparison

Checkmarx and Orca Security are both solutions in the Vulnerability Management category. Checkmarx is ranked #22 with an average rating of 8.3, while Orca Security is ranked #15 with an average rating of 8.6. Checkmarx holds a 1.2% mindshare in VM, compared to Orca Security’s 3.7% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 100% of Orca Security users who would recommend it.
Sponsored
Zafran Security
Read 6 Zafran Security reviews
  • 2,926 Views
  • 2,136 Comparison Views
100% willing to recommend
Checkmarx One
Read 71 Checkmarx One reviews
  • 18,550 Views
  • 1,299 Comparison Views
87% willing to recommend
Orca Security
Read 21 Orca Security reviews
  • 7,521 Views
  • 4,588 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 9, 2024

Checkmarx One and Orca Security are leading solutions in detecting and managing security vulnerabilities, particularly in software development and cloud environments. Checkmarx One appears to have an edge with its comprehensive code analysis tools while Orca Security offers unique cloud environment visibility.

Features: Checkmarx One provides robust tools such as SAST to detect vulnerabilities without code compilation and supports various programming languages with integration into major repositories. Orca Security features agentless SideScanning technology, enhancing visibility in cloud environments and excels in cloud security posture management.

Room for Improvement: Checkmarx One could benefit from reducing false positives, expanding its language support, and improving integration capabilities and pricing models. Orca Security may improve by enhancing data center capabilities, offering more automatic remediation options, and easing third-party tool integration.

Ease of Deployment and Customer Service: Checkmarx One offers flexible deployment, including on-premises and hybrid cloud, with mixed reviews on response times and pricing clarity. Orca Security is designed for public cloud environments with agentless integration, receiving praise for its responsive customer support.

Pricing and ROI: Checkmarx One is a significant investment with substantial ROI from early issue detection, though users desire a more transparent licensing model. Orca Security is less expensive than some competitors with its cloud workload pricing model, though considered high for smaller companies. Both emphasize security investment with ROI from improved protection and efficiency.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx One vs. Orca Security Report (Updated: October 2025).
Buyer's Guide
Checkmarx One vs. Orca Security
October 2025
Download the complete report
Helped 872,706 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
17th
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (1st)
Checkmarx One
Ranking in Vulnerability Management
22nd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Container Security (23rd), Static Code Analysis (3rd), API Security (6th), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (10th), Application Security Posture Management (ASPM) (3rd)
Orca Security
Ranking in Vulnerability Management
15th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
21
Ranking in other categories
Container Security (18th), Cloud Workload Protection Platforms (CWPP) (10th), API Security (8th), Cloud Security Posture Management (CSPM) (11th), Cloud-Native Application Protection Platforms (CNAPP) (7th), Data Security Posture Management (DSPM) (9th), Cloud Detection and Response (CDR) (3rd)
 

Mindshare comparison

As of October 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 1.0%, up from 0.1% compared to the previous year. The mindshare of Checkmarx One is 1.2%, up from 1.2% compared to the previous year. The mindshare of Orca Security is 3.7%, down from 4.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Market Share Distribution
ProductMarket Share (%)
Orca Security3.7%
Zafran Security1.0%
Checkmarx One1.2%
Other94.1%
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Read full review
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Read full review
CHINTAN MEHTA - PeerSpot reviewer
Consolidating security tools with comprehensive cloud visibility
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"We saw benefits from Zafran Security almost immediately after deploying it."
"Zafran is an excellent tool."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The most valuable feature for me is the Jenkins Plugin."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The UI is very intuitive and simple to use."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
More Checkmarx One pros
"Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools."
"The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up."
"The reporting and automated remediation capabilities are valuable to me. They're real game-changers."
"It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud."
"The initial setup is very easy."
"Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
More Orca Security pros
 

Cons

"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The integration could improve by including, for example, DevSecOps."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Checkmarx could improve the speed of the scans."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
More Checkmarx One cons
"Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable."
"There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen."
"Orca Security could improve its ticket creation process."
"A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
"Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE."
"We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
More Orca Security cons
 

Pricing and Cost Advice

Information not available
"The tool's pricing is fine."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"We have purchased an annual license to use this solution. The price is reasonable."
"It is a good product but a little overpriced."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"It's relatively expensive."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
More Checkmarx One pricing and cost advice
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"Overall, the pricing is reasonable and the discounts have been acceptable."
"Orca Security is cheaper compared to other solutions in the same space."
"The price is a bit expensive for smaller organizations."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
More Orca Security pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
872,706 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Computer Software Company
9%
Manufacturing Company
8%
Government
5%
Financial Services Firm
19%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
10%
University
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise9
Large Enterprise38
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Since we stood Zafran Security up in our private cloud, we handle the maintenance on our side. As we opted not to use...
See all answers
What needs improvement with Zafran Security?
In terms of areas for improvement, Zafran Security is doing a really great job as a new and emerging company. Oftenti...
See all answers
What is your primary use case for Zafran Security?
My use cases for Zafran Security revolve around two primary areas. One is around vulnerability management and priorit...
See all answers
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
See all answers
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
See all answers
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
See all answers
What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just ...
See all answers
What needs improvement with Orca Security?
I really love the way Orca Security worked. A potential improvement could be additional security features for the two...
See all answers
What is your primary use case for Orca Security?
We used Orca Security ( /products/orca-security-reviews ) for about two to three months until I left the company. The...
See all answers
 

Comparisons

Wiz Code vs Zafran Security Logo
Wiz Code vs Zafran Security
Compared 32% of the time
Vulcan Cyber vs Zafran Security Logo
Vulcan Cyber vs Zafran Security
Compared 14% of the time
Tenable Vulnerability Management vs Zafran Security Logo
Tenable Vulnerability Management vs Zafran Security
Compared 9% of the time
Qualys VMDR vs Zafran Security Logo
Qualys VMDR vs Zafran Security
Compared 7% of the time
Nucleus vs Zafran Security Logo
Nucleus vs Zafran Security
Compared 6% of the time
More Zafran Security Competitors
SonarQube Server (formerly SonarQube) vs Checkmarx One Logo
SonarQube Server (formerly SonarQube) vs Checkmarx One
Compared 45% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 7% of the time
Checkmarx SAST vs Checkmarx One Logo
Checkmarx SAST vs Checkmarx One
Compared 6% of the time
OpenText Core Application Security vs Checkmarx One Logo
OpenText Core Application Security vs Checkmarx One
Compared 4% of the time
GitHub Advanced Security vs Checkmarx One Logo
GitHub Advanced Security vs Checkmarx One
Compared 4% of the time
More Checkmarx One Competitors
Wiz vs Orca Security Logo
Wiz vs Orca Security
Compared 27% of the time
Microsoft Defender for Cloud vs Orca Security Logo
Microsoft Defender for Cloud vs Orca Security
Compared 8% of the time
Upwind vs Orca Security Logo
Upwind vs Orca Security
Compared 5% of the time
Prisma Cloud by Palo Alto Networks vs Orca Security Logo
Prisma Cloud by Palo Alto Networks vs Orca Security
Compared 5% of the time
More Orca Security Competitors
 

Product Reports

Buyer's Guide
Zafran Security
October 2025
Zafran Security reportDownload Zafran Security product report
Buyer's Guide
Checkmarx One
October 2025
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Orca Security
October 2025
Orca Security reportDownload Orca Security product report
 

Overview

Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.

Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your hybrid cloud security by normalizing vulnerability signals and integrating specific IT context data, such as CVE runtime presence and internet asset reachability, into its analysis. No longer reliant on patch windows, Zafran Security allows you to manage risks actively.

What are the key features of Zafran Security?

  • Threat Exposure Management: Utilizes existing tools to prioritize vulnerabilities and manage threats.
  • Integrative Analysis: Combines security data with IT context for precise vulnerability management.
  • Real-time Risk Reduction: Enables immediate risk management without waiting for patches.
  • Hybrid Cloud Compatibility: Functions across diverse cloud environments for comprehensive security.

What benefits can users expect from Zafran Security?

  • Improved Security: Enhances protection by efficiently identifying and mitigating risks.
  • Cost Efficiency: Reduces unnecessary patching expenses by confirming non-exploitable vulnerabilities.
  • Time Savings: Frees developers to focus on root causes by handling immediate threats.
  • Comprehensive Insight: Offers a holistic view of security threats and vulnerabilities.

In industries where security is paramount, such as finance and healthcare, Zafran Security provides invaluable protection by ensuring that only exploitable vulnerabilities are addressed. It allows entities to maintain robust security measures while allocating resources efficiently, fitting seamlessly into existing security strategies.

Zafran Security

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • API security
  • Dynamic Application Security Testing (DAST)
  • Container security
  • IaC security
  • Correlation, prioritization, and risk management
  • Codebashing secure code training
  • AI security
  • Tech partnerships extending AppSec into runtime analysis
  • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Orca Security provides comprehensive security management with agentless visibility and SideScanning technology, ensuring efficient threat detection without performance impact.

Orca Security offers agentless visibility across multi-cloud environments, streamlining security management with features like SideScanning technology and centralized security tools. It focuses on automation, vulnerability management, and compliance checks, enhancing a company's security posture with real-time alerts and integrated threat detection. Its intuitive interface prioritizes critical issues, making it suitable for managing DevSecOps processes efficiently.

What are the key features of Orca Security?
  • Agentless Visibility: Gain comprehensive insights into cloud environments without deploying agents.
  • SideScanning Technology: Detect threats and vulnerabilities efficiently across platforms.
  • Comprehensive Security Management: Centralizes security across AWS, GCP, and Azure with minimal setup effort.
  • CIEM Feature: Enhances security posture with integrated identity and access management.
  • Real-Time Alerts: Provide immediate awareness of security threats and vulnerabilities.
  • Automation and Compliance: Streamline processes with automated vulnerability management and compliance checks.
What benefits and ROI should companies look for in Orca Security?
  • Centralized Management: Simplifies security operations by consolidating tools across cloud environments.
  • Improved Security Posture: Reduces alerts and manages threats effectively with detailed insights.
  • Efficient Threat Detection: Enhances response capabilities with integrated threat detection and real-time alerts.
  • Easy Deployment and Setup: Facilitates quick implementation without complex configurations.
  • Enhanced Integration: Supports seamless integration with existing security frameworks and processes.

Companies in industries such as finance, healthcare, and technology leverage Orca Security for cloud security posture management, ensuring compliance with standards and securing applications and databases. Its agentless approach provides comprehensive visibility across AWS, GCP, and Azure, enhancing risk assessment and vulnerability management without impacting asset performance.

Orca Security
 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Buyer's Guide
Checkmarx One vs. Orca Security
October 2025
Free Report: Checkmarx One vs. Orca Security
Find out what your peers are saying about Checkmarx One vs. Orca Security and other solutions. Updated: October 2025.
DOWNLOAD NOW
872,706 professionals have used our research since 2012.
See our Checkmarx One vs. Orca Security report.
See our list of best Vulnerability Management vendors, best Container Security vendors, and best API Security vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.