No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs Uptycs comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Checkmarx One
Ranking in Container Security
14th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (11th), Application Security Posture Management (ASPM) (3rd), AI Security (3rd)
Uptycs
Ranking in Container Security
37th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
2
Ranking in other categories
Endpoint Protection Platform (EPP) (44th), Endpoint Detection and Response (EDR) (51st), Cloud Workload Protection Platforms (CWPP) (23rd), Extended Detection and Response (XDR) (39th), Cloud Security Posture Management (CSPM) (33rd), Cloud-Native Application Protection Platforms (CNAPP) (22nd), Cloud Detection and Response (CDR) (12th)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Checkmarx One is 2.7%, up from 2.2% compared to the previous year. The mindshare of Uptycs is 0.7%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
Checkmarx One2.7%
Uptycs0.7%
Other95.1%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Shahzad Shahzad - PeerSpot reviewer
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
SangramGupta - PeerSpot reviewer
Security Consultant at Deloitte
Centralized visibility has improved risk-based vulnerability management but onboarding still needs simplification
From my perspective, the features of Uptycs that stand out more for my projects and organization are the vulnerability management, endpoint visibility, and asset inventory management features. I can share two specific outcomes that show this positive impact using Uptycs. First, it reduces significant time and effort from the asset inventory point of view because previously I needed to scan all of the assets which were in scope, but now I only scan those assets that are currently active and in scope, and the CMDB and asset inventory receive proper updates of those assets. Secondly, in vulnerability prioritization, I receive all the prioritized vulnerabilities so I can prioritize and mitigate or remediate them as soon as possible, which reduces the overall time of remediation as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"We were able to realize its benefits within 24 to 48 hours."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"TruRisk Insights is the most important innovation they've released this year."
"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"The best part I like is the on-demand scans."
"If you really are worried about your business, i.e. about your development sites or development environments, Checkmarx is a great solution."
"Vulnerability details is valuable."
"Overall, I use Checkmarx One as a strategic control point to improve developer velocity while strengthening application security across the full software lifecycle."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The administration in Checkmarx is very good."
"Checkmarx One has positively impacted our organization as we tend to find vulnerabilities very early in the development cycle."
"Checkmarx One has positively impacted the organization, and since replacing the previous tool, SAST and SCA scans are conducted in a couple of minutes instead of hours or days, saving time and increasing speed to market by reducing the timeline from three or four days to one day only."
"In my opinion, Checkmarx gives better results, and its protection is better than SonarQube."
"I have seen a return on investment from using Uptycs, saving almost 25 to 30 percent in terms of asset investigations or asset inventory management and vulnerability prioritization, which is significant."
"They have multiple great features."
 

Cons

"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"The solution's user interface could be improved because it seems outdated."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context."
"It needs better role management."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The cost per user is high and should be reduced."
"When we have many applications to check, I need to wait a long time in the queue."
"Regarding improvements for Uptycs, I suggest simplified onboarding for complex cloud environments because the current onboarding method is complex and requires checks with the support team."
"We end up facing a lot of issues after upgrades."
 

Pricing and Cost Advice

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"TotalCloud's price is about right where I would expect it to be."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The tool's pricing is fine."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"It's relatively expensive."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"For around 250 users or committers, the cost is approximately $500,000."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Financial Services Firm
19%
Construction Company
13%
Insurance Company
6%
Transportation Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...
What needs improvement with Uptycs?
Regarding improvements for Uptycs, I suggest simplified onboarding for complex cloud environments because the current...
What is your primary use case for Uptycs?
I use Uptycs as part of cloud security threat detection, vulnerability management, and security operations initiative...
What advice do you have for others considering Uptycs?
My advice for others looking into using Uptycs is that if you are looking for a centralized solution for all security...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Comcast, Crossbeam, Flexport, Greenlight Financial, Lookout Security, PayNearMe
Find out what your peers are saying about Checkmarx One vs. Uptycs and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.