Try our new research platform with insights from 80,000+ expert users

What is the biggest difference between Checkmarx and SonarQube?

I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

BR
Malla Reddy Bakka
Works at a tech services company with 10,001+ employees
  • 0
  • 39
FollowingFollow
Share
PeerSpot user
Buyer's Guide
Checkmarx One vs. SonarQube
December 2025
Get the report
Helped 879,672 peers since 2012

3 Answers

Last answered Mar 2, 2021
EP
Elina Petrovna
Professor at BitBrainery University
Real User
Feb 4, 2020

SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is not enough. If you are focused on Secure Coding, Checkmarx is much better. Most of the enterprise customers use to work with CheckMarx and SonarQube (free version) together in order to detect Security and Quality/Best Practices Issues.

Like(2)
Reply
Product comparison that may be of interest to you
Checkmarx One
  • 79 Reviews
SonarQube
  • 134 Reviews
CY
Curtis Yanko
DevSecOps Evangelist & Coach at Shiftleft
Real User
Top 20
Mar 2, 2021

I’ve always viewed sonarqube as a code quality tool that compliments many code security tools like a checkmarx. 

Like(1)
Reply
MK
ManojKumar9
Systems Analyst at Thrivent Financial for Lutherans
Real User
Feb 4, 2020

The major difference I have seen between Checkmarx and SonarQube is :

CheckMarx support: Supports a large number of languages and finds a large variety of potential risks.

Apart from this, I don't see any big differences.

Like(1)
Reply
Buyer's Guide
Checkmarx One vs. SonarQube
December 2025
Free Report: Checkmarx One vs. SonarQube
Find out what your peers are saying about Checkmarx One vs. SonarQube and other solutions. Updated: December 2025.
DOWNLOAD NOW
879,672 professionals have used our research since 2012.
Checkmarx One vs. SonarQube comparison
Checkmarx One
  • 79 Reviews
SonarQube
  • 134 Reviews
Checkmarx One
  • 79 Reviews
SonarQube
  • 134 Reviews
Checkmarx One and SonarQube compete in the security analysis domain for software development. Checkmarx One has the upper hand in comprehensive security analysis without needing code compilation, while SonarQube excels in broad language support and CI/CD pipeline integration, which is beneficial for teams aiming to boost code quality and coverage.Features: Checkmarx One offers rapid security vulnerability analysis with capabilities to scan large code volumes without pre-compilation, supports...
Download Checkmarx One vs. SonarQube comparison ReportRead more

Related Q&As

May 23, 2023
What are the differences between SonarQube and CAST AIP?
May 16, 2023
Which software is ideal for code quality and security?