We just raised a $30M Series A: Read our story

What is the biggest difference between Checkmarx and SonarQube?


I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

ITCS user
33 Answers

author avatar
Top 20Real User

SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is not enough. If you are focused on Secure Coding, Checkmarx is much better. Most of the enterprise customers use to work with CheckMarx and SonarQube (free version) together in order to detect Security and Quality/Best Practices Issues.

author avatar
Top 5Vendor

I’ve always viewed sonarqube as a code quality tool that compliments many code security tools like a checkmarx. 

author avatar
Real User

The major difference I have seen between Checkmarx and SonarQube is :

CheckMarx support: Supports a large number of languages and finds a large variety of potential risks.

Apart from this, I don't see any big differences.

Find out what your peers are saying about Checkmarx vs. SonarQube and other solutions. Updated: November 2021.
552,407 professionals have used our research since 2012.