Checkmarx One vs Tenable.io Web Application Scanning comparison

Checkmarx and Tenable are both solutions in the Application Security Tools category. Checkmarx is ranked #3 with an average rating of 7.7, while Tenable is ranked #19 with an average rating of 7.6. Checkmarx holds a 10.3% mindshare in AS, compared to Tenable’s 1.3% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 93% of Tenable users who would recommend it.

Checkmarx One

Read 70 Checkmarx One reviews

20,037 Views
13,630 Comparison Views

87% willing to recommend

Tenable.io Web Application ...

Read 17 Tenable.io Web Application Scanning reviews

1,888 Views
1,470 Comparison Views

93% willing to recommend

Checkmarx One

Tenable.io Web Application ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Checkmarx One and Tenable.io Web Application Scanning are notable web security solutions. Checkmarx One is viewed favorably for its pricing and support, while Tenable.io is preferred for its comprehensive feature set.

Features: Checkmarx One offers effective vulnerability identification, seamless integration capabilities, and user-friendly navigation. Tenable.io provides extensive scanning options, detailed reporting, and broad compatibility with different platforms.

Room for Improvement: Checkmarx One could improve reporting functionalities, reduce false positives, and enhance user interface intuitiveness. Tenable.io needs to decrease scan times, improve accuracy, and streamline user experience complexity.

Ease of Deployment and Customer Service: Checkmarx One features straightforward deployment and responsive customer support. Tenable.io has a robust deployment model but receives mixed reviews on customer service response time.

Pricing and ROI: Checkmarx One's costs are seen as reasonable with a strong return on investment. Tenable.io, although initially more expensive, delivers value over time with its advanced features.

To learn more, read our detailed Checkmarx One vs. Tenable.io Web Application Scanning Report (Updated: April 2025).

Buyer's Guide

Checkmarx One vs. Tenable.io Web Application Scanning

April 2025

Download the complete report

Helped 851,371 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Ranking in Application Security Tools

3rd

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (10th)

Tenable.io Web Application ...

Ranking in Application Security Tools

19th

Average Rating

7.8

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2025, in the Application Security Tools category, the mindshare of Checkmarx One is 10.3%, down from 14.8% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.3%, down from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven

Provides good security analysis and security identification within the source code

We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Read full review

Harshal Deshmukh

CEO and Managing Director at Digidata Infsystems Private Limited

Simple tool to use, good dashboard capabilities and offers asset criticality ratings

It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The UI is user-friendly."

"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."

"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."

"Scan reviews can occur during the development lifecycle."

"The report function is the solution's greatest asset."

"The value you can get out of the speedy production may be worth the price tag."

"The user interface is modern and nice to use."

"The setup is fairly easy. We didn't struggle with the process at all."

More Checkmarx One pros

"The solution's instant reports feature is the most effective for detecting threats."

"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."

"Tenable.io Web Application Scanning is very easy to use."

"Now that the license is centralized, it's a significant feature to manipulate assets based on their functions."

"The solution is stable."

"Tenable.io Web Application Scanning provides a detailed report, identifying functions that are complex and need to be more maintainable and readable."

"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."

"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."

More Tenable.io Web Application Scanning pros

Cons

"I can't create a business case with multiple-factor authentication."

"It is an expensive solution."

"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."

"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."

"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."

"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."

"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."

"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."

More Checkmarx One cons

"The technical support needs improvement. Currently, it takes time, which might be due to the free version, but providing some level of support could encourage future purchase decisions."

"The technical support should be improved. Currently, some attacks are detected while others are not."

"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."

"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."

"It isn't easy to manage vulnerabilities in Tenable."

"It would be great if there were a dashboard that is more user-friendly."

"The platform's technical support services could be better."

"The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."

More Tenable.io Web Application Scanning cons

Pricing and Cost Advice

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"The solution is costly."

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."

"The number of users and coverage for languages will have an impact on the cost of the license."

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"It is the right price for quality delivery."

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."

"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."

More Checkmarx One pricing and cost advice

"It follows the same licensing scheme as Tenable.io and Tenable. sc."

"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."

"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."

"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."

"The pricing is okay."

"Tenable.io Web Application Scanning is expensive for small businesses."

"I rate the product's pricing a four out of ten."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

851,371 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

14%

Computer Software Company

13%

Government

11%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about Tenable.io Web Application Scanning?

The most effective feature of the product is the ability to scan the entire environment.

See all answers

What needs improvement with Tenable.io Web Application Scanning?

Improvements could include providing coverage reports in the free version and features related to security reports. Also, enhancing technical support would be beneficial as there is room for improv...

See all answers

What advice do you have for others considering Tenable.io Web Application Scanning?

I would recommend Tenable.io Web Application Scanning as it provides us with good reports, which help improve our code base, despite the lack of financial benefits. Overall, I would rate it seven o...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 39% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Checkmarx SAST vs Checkmarx One

Compared 5% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Acunetix vs Tenable.io Web Application Scanning

Compared 25% of the time

Qualys Web Application Scanning vs Tenable.io Web Application Scanning

Compared 13% of the time

PortSwigger Burp Suite Professional vs Tenable.io Web Application Scanning

Compared 12% of the time

Fortify on Demand vs Tenable.io Web Application Scanning

Compared 10% of the time

HCL AppScan vs Tenable.io Web Application Scanning

Compared 7% of the time

More Tenable.io Web Application Scanning Competitors

Product Reports

Buyer's Guide

Checkmarx One

May 2025

Download Checkmarx One product report

Buyer's Guide

Application Security Tools

May 2025

Tenable.io Web Application Scanning report

Download Tenable.io Web Application Scanning product report

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.

Tenable

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

IMDEX

Buyer's Guide

Checkmarx One vs. Tenable.io Web Application Scanning

April 2025

Free Report: Checkmarx One vs. Tenable.io Web Application Scanning

Find out what your peers are saying about Checkmarx One vs. Tenable.io Web Application Scanning and other solutions. Updated: April 2025.

DOWNLOAD NOW

851,371 professionals have used our research since 2012.

See our Checkmarx One vs. Tenable.io Web Application Scanning report.

See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.