No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs SUSE NeuVector comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Checkmarx One
Ranking in Container Security
14th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd), AI Security (3rd)
SUSE NeuVector
Ranking in Container Security
20th
Average Rating
7.8
Reviews Sentiment
7.3
Number of Reviews
8
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (22nd)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Checkmarx One is 2.7%, up from 2.2% compared to the previous year. The mindshare of SUSE NeuVector is 1.7%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
Checkmarx One2.7%
SUSE NeuVector1.7%
Other94.1%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
Danie Joubert - PeerSpot reviewer
Managing Director at ProQuanta
Good value for money; great for policy management
Our model of deployment for this solution is on-premises. For people looking into this solution and trying to use it for the first time, I'd say make your life easier by using the SUSE product as well on top of your community scale stack. That makes your integration points a lot easier and smoother. I would also say during your initial setup, make sure that your clusters are already in terms of the capabilities with the version required. I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best. The reason for this rating is that what they offer is solid, but they could expand their service and add more features just to make more things integrated into an enterprise itself.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
"It is a stable product."
"From my point of view, it is the best product on the market."
"By using the automated testing in Checkmarx One, we have saved around one or two days in a full week of our team because we have a lot of code to do with seven markets."
"One of the most important tools in our building process."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use, and we do not need to configure anything, we only have to scan to see the results."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable feature of SUSE NeuVector is its run-time security."
"The most valuable feature of SUSE NeuVector is the performance, deployment, and cost."
"The initial setup is quite good, it's straightforward."
"The UI has a lot of features."
"The features of image scanning and anti-malware are really valuable."
"The tool's deployment is simple. Also, I am impressed with its risk capabilities."
"When it comes to the price, we got a really good deal from the vendor instantly."
"The solution includes many features, not only for container and client security but also for scanning nodes, networks, and vulnerabilities."
 

Cons

"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"The cost of Qualys TotalCloud is high and could be more competitive."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"Their support could be improved."
"The Dynamic Application Security Testing (DAST) feature should be better."
"Checkmarx could improve the speed of the scans."
"Checkmarx One can be improved on the side of faster scans, especially when our CI pipelines are scanning for vulnerabilities."
"Unfortunately, Checkmarx doesn't do any automated backups which is quite inconvenient."
"When we have many applications to check, I need to wait a long time in the queue."
"It could be improved with more reporting of false positives and the understanding of file references."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"The image-scanning features need improvement."
"SUSE NeuVector could improve by increasing its visibility into other elements of the DevSecOps pipeline. Additionally, scanning around infrastructure would be helpful."
"The tool should offer seamless integration of other security tools while in a hybrid environment."
"I would say that this solution should improve monitoring and reporting. I would also like to see more integrations so that we could essentially make it a part of a developing pipeline."
"Using a node port instead of a cluster IP is less ideal when implementing federation features between two clusters and could be improved."
"The documentation needs to improve a bit."
"However, I found that the support in Egypt was not very qualified, and there was a need to upgrade to a higher support layer to solve my issues."
"SUSE NeuVector should provide more security protection rules and better container image scanning."
 

Pricing and Cost Advice

"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is expensive."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"It is the right price for quality delivery."
"The interface used to create custom rules comes at an additional cost."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"It's relatively expensive."
"We have purchased an annual license to use this solution. The price is reasonable."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"SUSE NeuVector is an open-source solution."
"The solution's pricing could be better. The cost of a subscription is calculated on the basis of work."
"The price of SUSE NeuVector is low. There is an additional cost for support."
"Licensing fees are paid yearly."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Financial Services Firm
19%
Computer Software Company
12%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise2
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...
What needs improvement with NeuVector?
One area for improvement is NeuVector's ability to import CVEs from different sources. Additionally, using a node por...
What is your primary use case for NeuVector?
In my company, I am looking to deploy a container security runtime solution.
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
NeuVector
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Figo, Clear Review, Arvato Bertelsmann, Experian, Chime
Find out what your peers are saying about Checkmarx One vs. SUSE NeuVector and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.