Checkmarx One and SonarQube Cloud both compete in the field of code analysis, focusing on security and quality. Based on the comparison data, Checkmarx One appears to have an advantage in security-focused features, while SonarQube Cloud stands out for its continuous code quality analysis capabilities.
Features: Checkmarx One is strong in security-focused code analysis, supporting numerous programming languages and allowing both automatic and manual code reviews. Its capabilities extend to scanning vulnerabilities in mobile and SAP applications and offer versatile integrations. SonarQube Cloud excels in continuous code quality management, identifying security weak points and technical debt, with a user-friendly interface that integrates seamlessly into development workflows.
Room for Improvement: Checkmarx One needs improvements in reducing false positives and expanding language support. Enhancing dynamic testing capabilities and offering better dashboard customization would benefit its users. SonarQube Cloud requires advancements in vulnerability detection and more efficient dynamic code analysis. Their integration documentation needs to be more comprehensive to ease the configuration process.
Ease of Deployment and Customer Service: Checkmarx One offers flexible deployment options including on-premises, hybrid cloud, and public cloud, which cater to different organizational needs. SonarQube Cloud operates mainly in a public cloud environment. Both provide good customer support, though Checkmarx One is recognized for more personalized and immediate responses.
Pricing and ROI: Checkmarx One is considered expensive but a worthwhile investment due to its comprehensive security features, despite needing a more flexible pricing model. SonarQube Cloud is also costly but offers a clearer pricing structure based on lines of code, which some smaller companies find more manageable. Both promise ROI via enhanced security and reduced production time, with Checkmarx emphasizing quicker returns.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
Integrating it into different solutions is straightforward.
The customer service and support for SonarQube Cloud are responsive and helpful.
There are limitations, and it seems to have fewer capabilities than Veracode.
It has been used in multiple projects and performs well.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
It is a quite stable solution.
From my team's feedback, it is almost an eight out of ten.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
To improve SonarQube Cloud (formerly SonarCloud), it should excel in all these domains.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
We used the open-source version of SonarQube Cloud for its minimum features and did not license its extensive capabilities.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities.
It gives precise reports compared to Coverity and has a slightly lower number of false positives.
I use SonarQube Cloud (formerly SonarCloud) to check the quality of developer code and identify vulnerabilities.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
