We performed a comparison between Checkmarx One and Qualys VMDR based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Less false positive errors as compared to any other solution."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network."
"It's really beneficial for scanning and interacting with the agent."
"The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities."
"Monitors workstations and servers for vulnerabilities and creates reports."
"The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities."
"It's a good product. After the scan our internet works well. It scans our security posture."
"The most valuable feature of the solution is the external channel."
"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"I would like to see the tool’s pricing improved."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx could improve the REST APIs by including automation."
"Checkmarx could improve the speed of the scans."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The validation process needs to be sped up."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once."
"Endpoint stability and fault resolution could be improved."
"They have integrated with other third parties, but it is still not viable."
"It is more expensive vs. other products on the market."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"Could use additional security for the app."
"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
Checkmarx One is ranked 5th in Risk-Based Vulnerability Management with 67 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. Checkmarx One is rated 7.6, while Qualys VMDR is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.
See our list of best Risk-Based Vulnerability Management vendors.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.