Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
N/A
SonarQube for IDE
Score 9.2 out of 10
N/A
SonarQube for IDE is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time. Like a spell checker, SonarLint detects Bugs, code smells, and Security Vulnerabilities as code is written, and offers guidance.
N/A
Pricing
Checkmarx
SonarQube for IDE
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Checkmarx
SonarQube for IDE
Free Trial
No
Yes
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Checkmarx
SonarQube for IDE
Considered Both Products
Checkmarx
Verified User
Anonymous
Chose Checkmarx
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into …
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, …
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
SonarLint highlights all the issues in our codes and also displays the severity of each issue.
SonarLint also provides suggestions for how to fix those code issues which are highlighted.
SonarLint starts the processing of the file as soon as it is opened and highlights all the issues which it found.
When we fix the issue, we don't even need to create a new build or generate fresh code quality report, as soon as we save the file with the changes, it does the processing again and shows the result if the issue is fixed or not.
SonarLint saves a lot of time and effort by saving us from doing fresh build every time and generating new code quality report every time, thus increasing the efficiency and output which is in return beneficial for the client.
Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
SonarLint helps in achieving all the business requirements in a more efficient way.
It reduces the manual and redundant work which we would have to do else every time if we did not use SonarLint.
SonarLint helps in maintaining code quality, and thus also highlights the loopholes for the cyber attacks and phishing attacks.
SonarLint makes work easy and helps the developer to invest less time in manual work thereby increasing their capacity to deliver the maximum output to the client.