Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.5
Organizations saw ROI with Checkmarx One via improved development speed, cost savings, and enhanced security, despite quantification challenges.
Sentiment score
2.5
Qualys Web Application Scanning delivers positive ROI, competitive licensing, scalability, and reduces failure rates with 70% time-saving automation.
 

Customer Service

Sentiment score
7.1
Checkmarx One offers fast, expert support, though some users note resolution delays and additional support charges.
Sentiment score
3.8
Customer service is generally positive but inconsistent, with some noting efficiency while others suggest improvements in speed and engagement.
They have various options in the vulnerability management process, and when we initially bought our license, we didn't realize we needed PCI for better results, which isn't included in the default configurations.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
 

Scalability Issues

Sentiment score
7.1
Checkmarx One excels in scalability, integration, and automation, efficiently managing various organizational sizes though licensing can be restrictive.
Sentiment score
7.2
Qualys Web Application Scanning offers scalable cloud integration but faces challenges with concurrent scan limits and report limitations.
It produces similar vulnerability results as other tools such as Nessus based on version checks instead of real impact checks.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
 

Stability Issues

Sentiment score
7.2
Checkmarx One is reliable with some performance issues during large scans; user ratings vary from six to ten.
Sentiment score
7.9
Users praise Qualys Web Application Scanning for its stability, reliability, minimal bugs, and consistently high-performance ratings.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
 

Room For Improvement

Checkmarx One needs enhanced false positive reduction, language support, CD integration, pricing, UI, reporting, and automation improvements.
Qualys Web Application Scanning needs improvements in detection, usability, integration, performance, pricing, and feature set to compete effectively.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
 

Setup Cost

Checkmarx One offers high quality and performance, though its pricing varies and is often seen as expensive yet competitive.
Qualys Web Application Scanning offers flexible, negotiable pricing, deemed cost-effective but pricey, with discounts for bulk orders.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.
 

Valuable Features

Checkmarx One provides comprehensive vulnerability analysis with intuitive features, efficient reporting, CI/CD integration, and extensive language support.
Qualys Web Application Scanning offers efficient vulnerability management with Selenium IDE integration, real-time monitoring, and comprehensive security features.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
Qualys Web Application Scanning is accurate and provides minimal false positives.
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Vulnerability Management (23rd), Container Security (22nd), Static Code Analysis (3rd), API Security (4th), Dynamic Application Security Testing (DAST) (4th), DevSecOps (4th), Risk-Based Vulnerability Management (9th)
Qualys Web Application Scan...
Ranking in Application Security Tools
13th
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
7.6
Reviews Sentiment
6.3
Number of Reviews
40
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of August 2025, in the Application Security Tools category, the mindshare of Checkmarx One is 10.3%, down from 13.9% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.2%, up from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
Checkmarx One10.3%
Qualys Web Application Scanning2.2%
Other87.5%
Application Security Tools
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
AnkitSharma13 - PeerSpot reviewer
Web scanning needs improvement but offers good vulnerability detection
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
865,738 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
11%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise9
Large Enterprise38
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise27
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What is your experience regarding pricing and costs for Qualys Web Application Scanning?
The price of Qualys Web Application Scanning is reasonable compared to other vendors. Qualys Web Application Scanning is priced per application rather than per user.
What needs improvement with Qualys Web Application Scanning?
I have experience with adaptive scanning for single-page applications, which was not very effective. Generally, comparing with other tools, Qualys Web Application Scanning still needs to improve on...
 

Also Known As

No data available
Qualys WAS
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Checkmarx One vs. Qualys Web Application Scanning and other solutions. Updated: July 2025.
865,738 professionals have used our research since 2012.