Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Qualys VMDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Vulnerability Management
16th
Ranking in Risk-Based Vulnerability Management
5th
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Ranking in Risk-Based Vulnerability Management
3rd
Average Rating
8.2
Number of Reviews
85
Ranking in other categories
IT Asset Management (4th), Configuration Management Databases (3rd), Container Security (10th)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Harold Jensen - PeerSpot reviewer
Jul 13, 2023
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UI is user-friendly."
"The user interface is excellent. It's very user friendly."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Technical support is great and we've never really had a problem."
"The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks."
"The product's patch management is excellent for keeping our critical servers and third-party applications updated efficiently."
"Performs automated, regular scans in the network."
"The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows."
"Qualys VM has allowed us to know the vulnerabilities we need to prioritize based on the threat levels and the possible impact if there's an intrusion."
"The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment"
"The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities."
 

Cons

"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"The cost per user is high and should be reduced."
"They could work to improve the user interface. Right now, it really is lacking."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"The validation process needs to be sped up."
"I would like to see the rate of false positives reduced."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"It is more expensive vs. other products on the market."
"Qualys VM's machine learning and artificial intelligence features could be improved."
"Qualys VMDR is basically susceptible to false positives, and false negatives."
"The reporting needs improvement. It should generate much more stuff like field reports."
"The disadvantage of working with Qualys is that the graphical interface is quite outdated."
"Qualys VM should improve its methodology."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"It would be nice to have an all-in-one solution that was automated and could handle the scanning and reports as well as the patching and updating."
 

Pricing and Cost Advice

"The tool's pricing is fine."
"The solution is costly."
"We have purchased an annual license to use this solution. The price is reasonable."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The solution is costly."
"The price is very reasonable."
"Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."
"Usually every implementation is different and the quote is in function of number of assets."
"The product is more expensive than that of any other vendor."
"Qualys is a pay-as-you-go model, so there's flexibility to the pricing."
"The solution is reasonably priced for the value it provides."
"They have recently changed the pricing model, which is now better than it was before."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
812,580 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Educational Organization
35%
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What is your primary use case for Qualys VM?
Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the ...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even ...
What is your experience regarding pricing and costs for Qualys VMDR?
Compared to Tenable, Qualys is quite expensive. However, its performance justifies the cost, making it a worthwhile investment.
 

Comparisons

 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
 

Learn More

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Find out what your peers are saying about Checkmarx One vs. Qualys VMDR and other solutions. Updated: September 2024.
812,580 professionals have used our research since 2012.