One of the most popular comparisons on IT Central Station is Checkmarx vs SonarQube.
One user said about Checkmarx that "It pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
However, a user with experience with SonarQube has said "With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
Which of these two solutions would you recommend and why?
Thanks for your help!