Checkmarx One vs Trustwave App Scanner [EOL] comparison

Checkmarx and LevelBlue are both solutions in the Application Security Tools category. Additionally, 88% of Checkmarx users are willing to recommend the solution, compared to 66% of LevelBlue users who would recommend it.

Checkmarx One

Read 81 Checkmarx One reviews

24,219 Views
14,774 Comparison Views

88% willing to recommend

Trustwave App Scanner [EOL]

Read 5 Trustwave App Scanner [EOL] reviews

66% willing to recommend

Checkmarx One

Trustwave App Scanner [EOL]

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: June 2026).

Buyer's Guide

Application Security Tools

June 2026

Download the complete report

Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Average Rating

7.8

Reviews Sentiment

6.6

Number of Reviews

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Container Security (14th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (10th), Application Security Posture Management (ASPM) (3rd), AI Security (2nd)

Trustwave App Scanner [EOL]

Average Rating

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Featured Reviews

Shahzad Shahzad

Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution

Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance

Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.

Read full review

Securityd276

Security Manager at a healthcare company with 1,001-5,000 employees

Stable solution that has increased the maturity of our security program

I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The best features Checkmarx One offers, in my opinion, are that it is easy to use, and there is not much deep diving into this."

"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."

"It has made our organization more efficient with our whole code scan/deployment process for our software applications."

"We use the solution to validate the source code and do SAST and security analysis."

"It is a stable product."

"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."

"Vulnerability details is valuable."

"The solution is always updating to continuously add items that create a level of safety from vulnerabilities, and they are always ahead of the game when it comes to finding any vulnerabilities within the database, so I am assured that when I am scanning my product those vulnerabilities are identified at very initial stages, giving my development team more time to react."

More Checkmarx One pros

"This scanner was more efficient compared to its competitors."

"The stability is great. We haven't had any issues at all with it."

"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."

"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."

"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."

"Web application security testing is a valuable feature."

Cons

"Checkmarx One can be improved on the side of faster scans, especially when our CI pipelines are scanning for vulnerabilities."

"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."

"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."

"I can't create a business case with multiple-factor authentication."

"When we have many applications to check, I need to wait a long time in the queue."

"The purchase of this solution was a mistake. I would advise others to deploy the solution and to test all of the functionality before buying and do not trust the marketing from Checkmarx."

"Meta data is always needed."

"Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network."

More Checkmarx One cons

"Used to crash/freeze due to poor performance, not sure about newer versions."

"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."

"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."

"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."

"It doesn't support modern web technologies such as GWT, Angular, JS etc."

Pricing and Cost Advice

"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."

"The solution's price is high and you pay based on the number of users."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"If you want more, you have to pay more. You have to pay for additional modules or functionalities."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."

"It is the right price for quality delivery."

More Checkmarx One pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

900,644 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

Computer Software Company

Government

No data available

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	32
Midsize Enterprise	9
Large Enterprise	46

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What is the biggest difference between Veracode and Checkmarx?

According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...

See all answers

What is your experience regarding pricing and costs for Checkmarx?

Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additional applications and users. I advise negotiating multi-year contracts or bundle...

See all answers

Ask a question

Earn 20 points

Comparisons

SonarQube vs Checkmarx One

Compared 32% of the time

Veracode vs Checkmarx One

Compared 3% of the time

Checkmarx SAST vs Checkmarx One

Compared 2% of the time

Fortify Software Security Center vs Checkmarx One

Compared 2% of the time

OpenText Core Application Security vs Checkmarx One

Compared 2% of the time

More Checkmarx One Competitors

HCL AppScan vs Trustwave App Scanner [EOL]

Compared 41% of the time

Snyk vs Trustwave App Scanner [EOL]

Compared 23% of the time

SonarQube vs Trustwave App Scanner [EOL]

Compared 17% of the time

Sonatype Lifecycle vs Trustwave App Scanner [EOL]

Compared 11% of the time

Veracode vs Trustwave App Scanner [EOL]

Compared 9% of the time

More Trustwave App Scanner [EOL] Competitors

Product Reports

Buyer's Guide

Checkmarx One

June 2026

Download Checkmarx One product report

Buyer's Guide

Application Security Tools

June 2026

Download Trustwave App Scanner [EOL] product report

Also Known As

No data available

Hailstorm, Cenzic Hailstorm

Overview

Checkmarx One delivers robust security through seamless integration with SCM and CI/CD tools, ensuring reliable SAST and SCA. Primarily used by organizations for vulnerability detection, it supports cloud and on-premises deployment to enhance secure coding practices.

Checkmarx One provides organizations with comprehensive tools for secure software development, integrating effectively with CI/CD pipelines to scan thousands of applications. Its capabilities extend to identifying vulnerabilities in both code bases and third-party software. Enhancing workflow by supporting SCM solutions, it assists in maintaining secure coding standards and compliance. While excelling in various areas, it requires improvements in scan speed, reduction of false positives, and broader platform integration, particularly for COBOL and Swift. Its pricing model is noted as high, and demand exists for better tutorials and documentation.

What are the key features of Checkmarx One?

Comprehensive Integration: Seamlessly connects with SCM, CI/CD tools to streamline security workflows.
Accurate SAST and SCA: Precisely identifies vulnerabilities down to the exact line of code.
Custom Rules Configuration: Allows tailored security measures to match specific needs.
Quick Scanning: Provides fast analysis to speed up the development process.
Automated Code Remediation: Helps in efficiently fixing code vulnerabilities.

What benefits should users expect in reviews?

Improved Security: Enhances code safety, reducing vulnerabilities efficiently.
Effective False Positivity Management: Optimizes time spent on genuine issues.
Enhanced Development Processes: Integrates smoothly to boost secure coding initiatives.
Comprehensive Language Support: Facilitates scanning in multiple programming languages, accommodating diverse needs.

Industries implement Checkmarx One for secure coding compliance and vulnerability management across varying environments, choosing between cloud and on-premises deployment based on requirements. Its extensive language support and integration with DevSecOps practices make it a popular choice for organizations aiming to enhance software security.

Checkmarx

Provides ability to test applications for security vulnerabilities, security policies and regulatory compliance.

LevelBlue

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Leading Health Insurer

Buyer's Guide

Application Security Tools

June 2026

Download Free Report

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.

DOWNLOAD NOW

900,644 professionals have used our research since 2012.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.