Checkmarx One vs Trustwave App Scanner [EOL] comparison

Checkmarx and LevelBlue are both solutions in the Application Security Tools category. Additionally, 88% of Checkmarx users are willing to recommend the solution, compared to 66% of LevelBlue users who would recommend it.

Checkmarx One

Read 81 Checkmarx One reviews

24,219 Views
14,774 Comparison Views

88% willing to recommend

Trustwave App Scanner [EOL]

Read 5 Trustwave App Scanner [EOL] reviews

66% willing to recommend

Checkmarx One

Trustwave App Scanner [EOL]

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: June 2026).

Buyer's Guide

Application Security Tools

June 2026

Download the complete report

Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Average Rating

7.8

Reviews Sentiment

6.6

Number of Reviews

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Vulnerability Management (15th), Container Security (14th), Static Code Analysis (2nd), API Security (4th), Dynamic Application Security Testing (DAST) (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (10th), Application Security Posture Management (ASPM) (3rd), AI Security (2nd)

Trustwave App Scanner [EOL]

Average Rating

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Featured Reviews

Shahzad Shahzad

Senior Solution Architect | L3+ Systems & Cloud Engineer | SRE Specialist at Canada Cloud Solution

Enable secure development workflows while identifying opportunities for faster scans and improved AI guidance

Checkmarx One is a very strong platform, but there are several areas where it can improve to support modern DevSecOps workflows even better. For example, better real-time developer guidance is needed. The IDE plugin should offer richer AI-powered auto-fixes similar to SNYK Code or GitHub Copilot Security, as current guidance is good but not deeply contextual for large-scale enterprise codebases. This matters because it reduces developer friction and accelerates shift-left adoption. More transparency control over the correlation engines is another need. The correlation engine is powerful but not fully transparent. Users want to understand why vulnerabilities were correlated or de-prioritized, which helps AppSec teams trust the prioritization logic. Faster SAST scan and more language coverage is needed since SAST scan can still be slow for very large mono-repos and there is limited deep support for new language frameworks like Rust and Go, along with advanced coverage for serverless-specific frameworks. This matters because large organizations want sub-minute scans in CI/CD as cloud-native ecosystems evolve fast. A strong API security module is another area for enhancement. API security scanning could be improved with active testing, API discovery, full Swagger, OpenAPI, drift detection, and schema-based fuzzing. This is important as API attacks are one of the biggest AppSec risks in 2025. Checkmarx One is strong, but I see a few areas for improvement including faster SAST scanning for large mono-repos, deeper language framework support, more transparent correlation logic, and stronger API security that includes discovery and runtime context. The IDE plugin could offer more AI-assisted fixes, and the SBOM lifecycle tracking can evolve further. Enhancing integration with SIEM and SOAR would also make enterprise adoption smoother, and these improvements would help developers and AppSec teams move faster with more accuracy.

Read full review

Securityd276

Security Manager at a healthcare company with 1,001-5,000 employees

Stable solution that has increased the maturity of our security program

I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The UI is very intuitive and simple to use."

"The most valuable feature is the simple user interface."

"The only thing I like is that Checkmarx does not need to compile."

"Checkmarx is a powerful scanning tool, and it’s essential to have one of these products to build a safe and stable application when it comes to inviting customers to use your online services."

"Both automatic and manual code review (CxQL) are valuable."

"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."

"Overall, I use Checkmarx One as a strategic control point to improve developer velocity while strengthening application security across the full software lifecycle."

"The best features Checkmarx One offers, in my opinion, are that it is easy to use, and there is not much deep diving into this."

More Checkmarx One pros

"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."

"This scanner was more efficient compared to its competitors."

"Web application security testing is a valuable feature."

"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."

"The stability is great. We haven't had any issues at all with it."

"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."

Cons

"Unfortunately, Checkmarx doesn't do any automated backups which is quite inconvenient."

"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."

"The solution's user interface could be improved because it seems outdated."

"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."

"It would be really helpful if the level of confidence was included, with respect to identified issues."

"They could work to improve the user interface. Right now, it really is lacking."

"We can run only one project at a time."

"It is an expensive solution."

More Checkmarx One cons

"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."

"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."

"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."

"It doesn't support modern web technologies such as GWT, Angular, JS etc."

"Used to crash/freeze due to poor performance, not sure about newer versions."

Pricing and Cost Advice

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"The solution is costly."

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."

"If you want more, you have to pay more. You have to pay for additional modules or functionalities."

"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."

"The price of Checkmarx could be reduced to match their competitors, it is expensive."

"This solution is expensive. The customized package allows you to buy additional users at any time."

"The number of users and coverage for languages will have an impact on the cost of the license."

More Checkmarx One pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

900,644 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

Computer Software Company

Government

No data available

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	32
Midsize Enterprise	9
Large Enterprise	46

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What is the biggest difference between Veracode and Checkmarx?

According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...

See all answers

What is your experience regarding pricing and costs for Checkmarx?

Checkmarx One is a premium solution, so budget accordingly. Make sure you understand how licensing scales with additional applications and users. I advise negotiating multi-year contracts or bundle...

See all answers

Ask a question

Earn 20 points

Comparisons

SonarQube vs Checkmarx One

Compared 32% of the time

Veracode vs Checkmarx One

Compared 3% of the time

Checkmarx SAST vs Checkmarx One

Compared 2% of the time

Fortify Software Security Center vs Checkmarx One

Compared 2% of the time

OpenText Core Application Security vs Checkmarx One

Compared 2% of the time

More Checkmarx One Competitors

HCL AppScan vs Trustwave App Scanner [EOL]

Compared 41% of the time

Snyk vs Trustwave App Scanner [EOL]

Compared 23% of the time

SonarQube vs Trustwave App Scanner [EOL]

Compared 17% of the time

Sonatype Lifecycle vs Trustwave App Scanner [EOL]

Compared 11% of the time

Veracode vs Trustwave App Scanner [EOL]

Compared 9% of the time

More Trustwave App Scanner [EOL] Competitors

Product Reports

Buyer's Guide

Checkmarx One

June 2026

Download Checkmarx One product report

Buyer's Guide

Application Security Tools

June 2026

Download Trustwave App Scanner [EOL] product report

Also Known As

No data available

Hailstorm, Cenzic Hailstorm

Overview

Checkmarx One delivers robust security through seamless integration with SCM and CI/CD tools, ensuring reliable SAST and SCA. Primarily used by organizations for vulnerability detection, it supports cloud and on-premises deployment to enhance secure coding practices.

Checkmarx One provides organizations with comprehensive tools for secure software development, integrating effectively with CI/CD pipelines to scan thousands of applications. Its capabilities extend to identifying vulnerabilities in both code bases and third-party software. Enhancing workflow by supporting SCM solutions, it assists in maintaining secure coding standards and compliance. While excelling in various areas, it requires improvements in scan speed, reduction of false positives, and broader platform integration, particularly for COBOL and Swift. Its pricing model is noted as high, and demand exists for better tutorials and documentation.

What are the key features of Checkmarx One?

Comprehensive Integration: Seamlessly connects with SCM, CI/CD tools to streamline security workflows.
Accurate SAST and SCA: Precisely identifies vulnerabilities down to the exact line of code.
Custom Rules Configuration: Allows tailored security measures to match specific needs.
Quick Scanning: Provides fast analysis to speed up the development process.
Automated Code Remediation: Helps in efficiently fixing code vulnerabilities.

What benefits should users expect in reviews?

Improved Security: Enhances code safety, reducing vulnerabilities efficiently.
Effective False Positivity Management: Optimizes time spent on genuine issues.
Enhanced Development Processes: Integrates smoothly to boost secure coding initiatives.
Comprehensive Language Support: Facilitates scanning in multiple programming languages, accommodating diverse needs.

Industries implement Checkmarx One for secure coding compliance and vulnerability management across varying environments, choosing between cloud and on-premises deployment based on requirements. Its extensive language support and integration with DevSecOps practices make it a popular choice for organizations aiming to enhance software security.

Checkmarx

Provides ability to test applications for security vulnerabilities, security policies and regulatory compliance.

LevelBlue

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Leading Health Insurer

Buyer's Guide

Application Security Tools

June 2026

Download Free Report

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.

DOWNLOAD NOW

900,644 professionals have used our research since 2012.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.