IT Central Station is now PeerSpot: Here's why

What is the biggest difference between Checkmarx and SonarQube?

User at a tech services company with 10,001+ employees

I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

PeerSpot user
33 Answers

Elina Petrovna - PeerSpot reviewer
Real User

SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is not enough. If you are focused on Secure Coding, Checkmarx is much better. Most of the enterprise customers use to work with CheckMarx and SonarQube (free version) together in order to detect Security and Quality/Best Practices Issues.

Curtis Yanko - PeerSpot reviewer
Top 5Vendor

I’ve always viewed sonarqube as a code quality tool that compliments many code security tools like a checkmarx. 

ManojKumar9 - PeerSpot reviewer
Real User

The major difference I have seen between Checkmarx and SonarQube is :

CheckMarx support: Supports a large number of languages and finds a large variety of potential risks.

Apart from this, I don't see any big differences.

Buyer's Guide
Checkmarx vs. SonarQube
July 2022
Find out what your peers are saying about Checkmarx vs. SonarQube and other solutions. Updated: July 2022.
620,600 professionals have used our research since 2012.