No more typing reviews! Try our Samantha, our new voice AI agent.

Checkmarx One vs Fortra Tripwire IP360 comparison

Checkmarx and Fortra are both solutions in the Vulnerability Management category. Checkmarx is ranked #15 with an average rating of 8.1, while Fortra is ranked #59. Checkmarx holds a 1.7% mindshare in VM, compared to Fortra’s 0.7% mindshare. Additionally, 88% of Checkmarx users are willing to recommend the solution, compared to 60% of Fortra users who would recommend it.
Sponsored
Qualys TotalCloud
Read 39 Qualys TotalCloud reviews
  • 5,336 Views
  • 3,148 Comparison Views
100% willing to recommend
Checkmarx One
Read 81 Checkmarx One reviews
  • 24,219 Views
  • 3,148 Comparison Views
88% willing to recommend
Fortra Tripwire IP360
Read 6 Fortra Tripwire IP360 reviews
  • 1,701 Views
  • 1,344 Comparison Views
60% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 9, 2024

Fortra Tripwire IP360 and Checkmarx One are competing products in the security software landscape. Checkmarx One stands out due to its comprehensive features, perceived value, and well-rounded performance.

Features: Fortra Tripwire IP360 offers robust network discovery, advanced vulnerability management, and efficient asset tracking, making it effective for organizations focused on network security. Checkmarx One provides comprehensive application security testing, incorporating static code analysis, interactive testing, and security training tools for developers, making it valuable for organizations prioritizing secure coding practices.

Room for Improvement: Fortra Tripwire IP360 could enhance its integration capabilities, user interface, and reporting features to better meet diverse business needs. It could also benefit from more flexible deployment options. Checkmarx One might improve its user interface, simplify its licensing structure, and enhance integration with third-party tools for streamlined security testing processes.

Ease of Deployment and Customer Service: Fortra Tripwire IP360 provides a straightforward on-premises deployment, which suits organizations favoring internal control; however, its customer service can be inconsistent. Checkmarx One offers flexible deployment options, including cloud-based solutions that increase scalability. Despite potentially requiring more initial setup, Checkmarx One is supported by effective customer service, often offsetting deployment complexities.

Pricing and ROI: Fortra Tripwire IP360 is noted for its cost-effectiveness in asset management, providing significant ROI particularly for network security-focused firms. Checkmarx One, despite potentially higher upfront costs, delivers strong ROI through its advanced security testing capabilities, largely benefiting organizations emphasizing long-term application security strategies. Both products offer value but Checkmarx One's comprehensive feature set may justify its cost for those targeting application safeguards.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx One vs. Fortra Tripwire IP360 Report (Updated: June 2026).
Buyer's Guide
Checkmarx One vs. Fortra Tripwire IP360
June 2026
Download the complete report
Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Checkmarx One
Ranking in Vulnerability Management
15th
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
81
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (14th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (10th), Application Security Posture Management (ASPM) (3rd), AI Security (2nd)
Fortra Tripwire IP360
Ranking in Vulnerability Management
59th
Average Rating
7.0
Reviews Sentiment
4.3
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.0%, up from 0.9% compared to the previous year. The mindshare of Checkmarx One is 1.7%, up from 1.0% compared to the previous year. The mindshare of Fortra Tripwire IP360 is 0.7%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.0%
Checkmarx One1.7%
Fortra Tripwire IP3600.7%
Other96.6%
Vulnerability Management
 

Featured Reviews

RO
Robert Orłowski
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Read full review
Shahzad Shahzad - PeerSpot reviewer
Shahzad Shahzad
Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution
Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance
Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.
Read full review
Corey Cole - PeerSpot reviewer
Corey Cole
Service Coordinator - Technology Security at a government with 10,001+ employees
The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain
Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy. I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"Qualys TotalCloud has improved our security posture."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"I found the initial setup user-friendly."
"Its excellent graphical interface makes the scanning process simple."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
More Qualys TotalCloud pros
"It has all the features we need."
"The solution is scalable, but other solutions are better."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities, and they are always ahead of the game when it comes to finding any vulnerabilities within the database, so I am assured that when I am scanning my product those vulnerabilities are identified at very initial stages, giving my development team more time to react."
"In my opinion, Checkmarx gives better results, and its protection is better than SonarQube."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them."
"The SAST component was absolutely 100% stable."
"Overall, I use Checkmarx One as a strategic control point to improve developer velocity while strengthening application security across the full software lifecycle."
More Checkmarx One pros
"Tripwire IP360 is a very stable solution."
"The company probably chose this solution because they thought that they would be getting the best bang for their buck."
"Tripwire IP360 helps me to discover most of the vulnerabilities, and I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest."
"This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment."
"Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product."
"It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
 

Cons

"An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
"Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"The price is very expensive, actually."
"The cost of Qualys TotalCloud is high and could be more competitive."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"The support is not up to the mark and seems to be overburdened."
More Qualys TotalCloud cons
"The pricing can get a bit expensive, depending on the company's size."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx isn't accredited by the US government for DOD networks, so we've been forced to remove it from the network."
"We felt like we were the extended quality organization for Checkmarx as they frequently released poor quality patches that broke the existing functionality."
"Their licensing fees are rigid and this causes two main issues. One is a restriction in terms of scaling the product at an enterprise level."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"I would like to see the rate of false positives reduced."
More Checkmarx One cons
"The reporting functions can use improvement."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution."
"I am not very impressed by the technical support."
"We would like to have better reporting capabilities and for them to be more granular."
"We need to dedicate time and resources to keep it running."
"For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positive."
 

Pricing and Cost Advice

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"TotalCloud's price is about right where I would expect it to be."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
More Qualys TotalCloud pricing and cost advice
"The tool's pricing is fine."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"For around 250 users or committers, the cost is approximately $500,000."
"It is an expensive solution."
"It is a good product but a little overpriced."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
More Checkmarx One pricing and cost advice
"The product was expensive for us."
"I believe the price compares well within the market."
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
14%
Construction Company
7%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
Government
5%
Manufacturing Company
12%
Construction Company
11%
Comms Service Provider
10%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise29
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise9
Large Enterprise46
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise1
Large Enterprise4
 

Questions from the Community

What is your experience regarding pricing and costs for Qualys TotalCloud?
The price is very expensive, actually.
See all answers
What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
See all answers
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
See all answers
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
See all answers
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed Ap...
See all answers
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additi...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Wiz vs Qualys TotalCloud Logo
Wiz vs Qualys TotalCloud
Compared 12% of the time
Microsoft Defender for Cloud vs Qualys TotalCloud Logo
Microsoft Defender for Cloud vs Qualys TotalCloud
Compared 8% of the time
Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud Logo
Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud
Compared 6% of the time
JupiterOne vs Qualys TotalCloud Logo
JupiterOne vs Qualys TotalCloud
Compared 5% of the time
Nucleus Security vs Qualys TotalCloud Logo
Nucleus Security vs Qualys TotalCloud
Compared 5% of the time
More Qualys TotalCloud Competitors
SonarQube vs Checkmarx One Logo
SonarQube vs Checkmarx One
Compared 32% of the time
Veracode vs Checkmarx One Logo
Veracode vs Checkmarx One
Compared 3% of the time
Checkmarx SAST vs Checkmarx One Logo
Checkmarx SAST vs Checkmarx One
Compared 2% of the time
Fortify Software Security Center vs Checkmarx One Logo
Fortify Software Security Center vs Checkmarx One
Compared 2% of the time
OpenText Core Application Security vs Checkmarx One Logo
OpenText Core Application Security vs Checkmarx One
Compared 2% of the time
More Checkmarx One Competitors
Tenable Nessus vs Fortra Tripwire IP360 Logo
Tenable Nessus vs Fortra Tripwire IP360
Compared 12% of the time
Tenable Security Center vs Fortra Tripwire IP360 Logo
Tenable Security Center vs Fortra Tripwire IP360
Compared 9% of the time
IBM Guardium Vulnerability Assessment vs Fortra Tripwire IP360 Logo
IBM Guardium Vulnerability Assessment vs Fortra Tripwire IP360
Compared 6% of the time
BMC Helix Automation Console vs Fortra Tripwire IP360 Logo
BMC Helix Automation Console vs Fortra Tripwire IP360
Compared 5% of the time
Vicarius vRx vs Fortra Tripwire IP360 Logo
Vicarius vRx vs Fortra Tripwire IP360
Compared 5% of the time
More Fortra Tripwire IP360 Competitors
 

Product Reports

Buyer's Guide
Qualys TotalCloud
June 2026
Qualys TotalCloud reportDownload Qualys TotalCloud product report
Buyer's Guide
Checkmarx One
June 2026
Checkmarx One reportDownload Checkmarx One product report
Buyer's Guide
Fortra Tripwire IP360
June 2026
Fortra Tripwire IP360 reportDownload Fortra Tripwire IP360 product report
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
IP360
 

Overview

Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.

Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability management and zero-day detection. The platform's user-friendly design, combined with its extensive risk management and unified threat assessment capabilities, enables organizations to prioritize and remediate vulnerabilities effectively. TruRisk Insights provides clear insights on cyber risks, while the automation options streamline patch management and scanning processes. API integration across IaaS and SaaS environments further enhances resource allocation efficiency and saves time, addressing misconfigurations across cloud environments.

What are the most important features of Qualys TotalCloud?
  • Accurate Vulnerability Reports: Delivers precise and actionable insights for risk mitigation.
  • Zero-Day Detection: Identifies and addresses zero-day vulnerabilities proactively.
  • Unified Threat Assessment: Offers comprehensive evaluation of threats across the environment.
  • Extensive Risk Management: Manages risks effectively with advanced insights and prioritization.
  • Continuous Monitoring: Provides non-stop surveillance for vulnerabilities and threats.
  • Cloud-Native Automation: Streamlines processes and reduces manual efforts using automation.
  • FlexScan for Internet-Facing VMs: Scans external VMs efficiently to detect vulnerabilities.
  • Dashboard Risk Visualization: Clear visualization helps prioritize vulnerabilities.
What benefits and ROI should users look for?
  • Improved Security Posture: Enhances threat detection and response across clouds.
  • Time Savings: Automation reduces time spent on manual vulnerability management.
  • Resource Efficiency: Better allocation of resources through streamlined workflows.
  • Enhanced Risk Prioritization: Focus on critical vulnerabilities for effective mitigation.
  • Integrated Cloud Accounts: Facilitates seamless cloud management and security.

Qualys TotalCloud is deployed in sectors needing rigorous vulnerability management, such as finance and healthcare. Companies utilize it to secure multi-cloud environments like AWS, Azure, and GCP, focus on compliance, and integrate security into CI/CD pipelines to detect and remedy threats pre-deployment.

Qualys

Checkmarx One delivers robust security through seamless integration with SCM and CI/CD tools, ensuring reliable SAST and SCA. Primarily used by organizations for vulnerability detection, it supports cloud and on-premises deployment to enhance secure coding practices.

Checkmarx One provides organizations with comprehensive tools for secure software development, integrating effectively with CI/CD pipelines to scan thousands of applications. Its capabilities extend to identifying vulnerabilities in both code bases and third-party software. Enhancing workflow by supporting SCM solutions, it assists in maintaining secure coding standards and compliance. While excelling in various areas, it requires improvements in scan speed, reduction of false positives, and broader platform integration, particularly for COBOL and Swift. Its pricing model is noted as high, and demand exists for better tutorials and documentation.

What are the key features of Checkmarx One?
  • Comprehensive Integration: Seamlessly connects with SCM, CI/CD tools to streamline security workflows.
  • Accurate SAST and SCA: Precisely identifies vulnerabilities down to the exact line of code.
  • Custom Rules Configuration: Allows tailored security measures to match specific needs.
  • Quick Scanning: Provides fast analysis to speed up the development process.
  • Automated Code Remediation: Helps in efficiently fixing code vulnerabilities.
What benefits should users expect in reviews?
  • Improved Security: Enhances code safety, reducing vulnerabilities efficiently.
  • Effective False Positivity Management: Optimizes time spent on genuine issues.
  • Enhanced Development Processes: Integrates smoothly to boost secure coding initiatives.
  • Comprehensive Language Support: Facilitates scanning in multiple programming languages, accommodating diverse needs.

Industries implement Checkmarx One for secure coding compliance and vulnerability management across varying environments, choosing between cloud and on-premises deployment based on requirements. Its extensive language support and integration with DevSecOps practices make it a popular choice for organizations aiming to enhance software security.

Checkmarx

Tripwire IP360 is a powerful vulnerability management solution that identifies and prioritizes network vulnerabilities for remediation. It is highly effective in scanning devices and applications, improving security posture, ensuring compliance, and managing risks. 

Users value its detailed reporting, user-friendly interface, and seamless integration with other security tools for efficient security management.

Fortra
 

Sample Customers

Information Not Available
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM
Buyer's Guide
Checkmarx One vs. Fortra Tripwire IP360
June 2026
Free Report: Checkmarx One vs. Fortra Tripwire IP360
Find out what your peers are saying about Checkmarx One vs. Fortra Tripwire IP360 and other solutions. Updated: June 2026.
DOWNLOAD NOW
900,747 professionals have used our research since 2012.
See our Checkmarx One vs. Fortra Tripwire IP360 report.
See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.