• Home
  • Checkmarx One vs. SonarCloud

Checkmarx One vs SonarCloud comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo

Checkmarx One

Read 67 Checkmarx One reviews
33,297 views|21,828 comparisons
86% willing to recommend
Sonar Logo

SonarCloud

Read 10 SonarCloud reviews
10,008 views|7,371 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. SonarCloud
March 2024
Executive Summary

We performed a comparison between Checkmarx One and SonarCloud based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx One vs. SonarCloud Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Rahul Mane
A highly recommended tool for delivering secure products
Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production.... Read more →
Huzaifa Asif
A comprehensive code quality management offering all-in-one functionality, including static code analysis, security...
Through SonarCloud, we gain insights, especially in a microservices environment with product-based products. It provides valuable guidance in... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The user interface is excellent. It's very user friendly.""The setup is fairly easy. We didn't struggle with the process at all.""It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc).""Our static operation security has been able to identify more security issues since implementing this solution.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects.""Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.""The value you can get out of the speedy production may be worth the price tag.""The solution has good performance, it is able to compute in 10 to 15 minutes."

More Checkmarx One Pros →

"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions.""Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots.""For what it is meant to do, it works pretty well.""The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules.""The solution can be installed locally.""SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs.""The reports from SonarCloud are very good.""The most valuable feature of SonarCloud is its overall performance."

More SonarCloud Pros →

Cons
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.""The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.""The reports are good, but they still need to be improved considering what the UI offers.""Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.""I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time).""They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."

More Checkmarx One Cons →

"The solution needs to improve its customization and flexibility.""The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps.""CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling.""The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit.""There's room for improvement in the configuration process, particularly during the initial setup phase.""We had some issues with the scanner.""I've been told by the developers that the solution is too limited. It's not testing enough within the containers.""SonarCloud's UI needs enhancement."

More SonarCloud Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
  • "The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
  • "I am using the free version of the solution."
  • "I rate the pricing a five out of ten."
  • "While not extremely cheap, it aligns well with market standards and offers good value."
  • "The current pricing is quite cheap."

    • More SonarCloud Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    What do you like most about SonarCloud?
    Top Answer:Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for SonarCloud?
    Top Answer:I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pay a… more »
    Read all 7 answers   →
    What needs improvement with SonarCloud?
    Top Answer:There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could… more »
    Read all 9 answers   →
    Ranking
    3rd
    out of 67 in Application Security Testing (AST)
    Views
    33,297
    Comparisons
    21,828
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    10th
    out of 67 in Application Security Testing (AST)
    Views
    10,008
    Comparisons
    7,371
    Reviews
    8
    Average Words per Review
    524
    Rating
    8.4
    Comparisons
    SonarQube logo
    SonarQube vs. Checkmarx One
    Compared 52% of the time.
    Veracode logo
    Veracode vs. Checkmarx One
    Compared 13% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Checkmarx One
    Compared 6% of the time.
    Snyk logo
    Snyk vs. Checkmarx One
    Compared 4% of the time.
    Sonatype Lifecycle logo
    Sonatype Lifecycle vs. Checkmarx One
    Compared 2% of the time.
    More Checkmarx One Competitors   →
    SonarQube logo
    SonarQube vs. SonarCloud
    Compared 77% of the time.
    Veracode logo
    Veracode vs. SonarCloud
    Compared 7% of the time.
    OWASP Zap logo
    OWASP Zap vs. SonarCloud
    Compared 3% of the time.
    GitLab logo
    GitLab vs. SonarCloud
    Compared 3% of the time.
    Coverity logo
    Coverity vs. SonarCloud
    Compared 2% of the time.
    More SonarCloud Competitors   →
    Learn More
    Checkmarx
    Sonar
    Interactive Demo
    Checkmarx
    Demo Not Available
    Sonar
    Watch a demo
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm9%
    Manufacturing Company8%
    Healthcare Company5%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business56%
    Midsize Enterprise33%
    Large Enterprise11%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise58%
    Buyer's Guide
    Checkmarx One vs. SonarCloud
    March 2024
    Free Report: Checkmarx One vs. SonarCloud
    Find out what your peers are saying about Checkmarx One vs. SonarCloud and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews. Checkmarx One is rated 7.6, while SonarCloud is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Sonatype Lifecycle, whereas SonarCloud is most compared with SonarQube, Veracode, OWASP Zap, GitLab and Coverity. See our Checkmarx One vs. SonarCloud report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.