No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs Query.ai comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in AI Security
3rd
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Container Security (14th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd)
Query.ai
Ranking in AI Security
27th
Average Rating
8.0
Reviews Sentiment
4.3
Number of Reviews
3
Ranking in other categories
Security Analytics (4th), AI Data Analysis (27th)
 

Mindshare comparison

As of July 2026, in the AI Security category, the mindshare of Checkmarx One is 1.5%, down from 3.5% compared to the previous year. The mindshare of Query.ai is 0.4%. It is calculated based on PeerSpot user engagement data.
AI Security Mindshare Distribution
ProductMindshare (%)
Checkmarx One1.5%
Query.ai0.4%
Other98.1%
AI Security
 

Featured Reviews

Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
reviewer2834415 - PeerSpot reviewer
DevSecOps engineer at a financial services firm with 10,001+ employees
Query automation has reduced investigation time and frees our team to focus on complex DevOps tasks
The best features Query.ai offers make anything with queries much easier, and it ensures that it is very optimistically correct with whatever it is doing. It also delivers access throughout real-time and historical data, making it really quick and fast to act upon. The real-time and historical data access from Query.ai helps me in my work by allowing me to go through queries quicker, so even if there are errors anywhere, detection happens pretty fast. Because it is on automation and the investigation is done really quickly, it saves a lot of my time. Query.ai has positively impacted my organization by being very appreciative for what it has done and how there is lesser work task on ourselves, and we could be focusing on more things because as DevOps, we have a lot of work. The reduction in workload due to Query.ai has made things easier, especially every time we need to investigate why an SQL query is not loading or if it is duplicating. It is especially effective during access management to either provision or de-provision access for users.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the simple user interface."
"Overall, we are very satisfied with Checkmarx and it is a product that I recommend."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"It moved our organization towards being agile vs. waterfall."
"It's been a very positive experience overall."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"Time saving and accuracy are the main benefits; in my data mart and data lakes project, Query.ai has been very useful, with all transformations automated, which had a huge impact on our entire project."
"Query.ai helps reduce costs and improve security in my organization, though I do not have the actual numbers, but the impact was significant."
"Query.ai has positively impacted my organization by being very appreciative for what it has done and how there is lesser work task on ourselves, and we could be focusing on more things because as DevOps, we have a lot of work."
 

Cons

"The accessibility for customized Checkmarx rules is currently limited and should be improved."
"Checkmarx could improve by reducing the price."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"If it is a very large code base then we have a problem where we cannot scan it (if more then ~ 30 mb zip file provided - scan is crashes or takes a lot of time)."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"It needs better role management."
"The purchase of this solution was a mistake. I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Query.ai performs well, but there are other software options that do auditing a little better."
"I felt the pricing is somewhat higher."
"Probably Query.ai could be a little more optimized, but it is good."
 

Pricing and Cost Advice

"The tool's pricing is fine."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"It is an expensive solution."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"It is the right price for quality delivery."
"It is a good product but a little overpriced."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
Information not available
report
Use our free recommendation engine to learn which AI Security solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
No data available
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additional applications and users. I advise negotiating multi-year contracts or bundle...
What is your experience regarding pricing and costs for Query.ai?
My experience with pricing, setup cost, and licensing was good. I felt the pricing is somewhat higher.
What needs improvement with Query.ai?
Probably Query.ai could be a little more optimized, but it is good.
What is your primary use case for Query.ai?
Initially, I started by checking out what Query.ai is about, and from there, my main use case has been for data queries and how to edit a query. The main use case for Query.ai that I wish it could ...
 

Comparisons

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. Query.ai and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.