SonarQube vs Checkmarx CxSAST

I have few questions regarding SAST. Could someone please clarify?

  1. What is the difference between SonarQube and Checkmarx CxSAST?
  2. what is the common thing between these two?
  3. At which situations SonarQube is preferred?


You know that you’re asking a really biased crowd, right? :smiley:

Both are SAST: static application security testing. Beyond that, I’d really council you to try both and make your own comparison. You can easily get a free trial license for Developer Edition($).