We performed a comparison between Checkmarx One and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The solution allows us to create custom rules for code checks."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The UI is user-friendly."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The solution can be installed locally."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The reports from SonarCloud are very good."
"For what it is meant to do, it works pretty well."
"The most valuable feature of SonarCloud is its overall performance."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"Its user interface could be improved and made more friendly."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Updating and debugging of queries is not very convenient."
"Checkmarx is not good because it has too many false positive issues."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Micro-services need to be included in the next release."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"SonarCloud's UI needs enhancement."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"It would be helpful if notifications could go out to an extra person."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while SonarCloud is ranked 10th in Static Application Security Testing (SAST) with 10 reviews. Checkmarx One is rated 7.6, while SonarCloud is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Sonatype Lifecycle, whereas SonarCloud is most compared with SonarQube, Veracode, GitLab, OWASP Zap and Coverity. See our Checkmarx One vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.