SonarQube Security Rules vs Checkmarx


Jake Colman

Jul 1, 2016, 8:21:53 AM
to SonarQube
We have started evaluating SonarQube for our C# and PHP code and are strongly considering the commercial plugin for C++. SonarQube supports a number of Security rules such as OWASP. How does it relate, however, to Checkmarx? Is it the intention for SonarQube to do as much as Checkmarx? Is it already close to what Checkmarx can do and/or does it plan to evolve that way? Should I view Checkmarx as complementary to Sonar, especially since it has a Sonar plugin?

Thanks.

Jake Colman
VP, Development
Billtrust

Alexandre Gigleux

Jul 1, 2016, 8:53:46 AM
to SonarQube
Hi Jake,

For questions related to SonarSource commercial products, you'd rather contact us directly thru http://www.sonarsource.com/get-contact/

Regards
Alex

Jake Colman

Jul 1, 2016, 9:02:00 AM
to Alexandre Gigleux, SonarQube
Alex,

So please ignore my reference to C++.  How do the Sonar security checks for C# compare to Checkmarx?


Jake Colman

VP, Development
Billtrust | www.billtrust.com
Office: 609.235.0792 | Mobile: 610.348.2788



dani...@itcentralstation.com

Dec 20, 2016, 4:23:05 AM
to SonarQube
You might find this direct comparison between Checkmarx and SonarQube on IT Central Station to be helpful: https://goo.gl/DPYgtl.

Users interested in these two solutions also read reviews for HPE Fortify on Demand. This user writes that it "reduced operational costs as we minimized security incidents and ensured all vulnerabilities are remediated during the development lifecycle." You can read the rest of his review here: https://goo.gl/57zfVg.

Good luck with your search. 