We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We are finding GitHub is very stable."
"GitHub is good for small companies and for personal use."
"Any complex banking can be handled very easily in GitHub. It allows us to integrate with tools like Grid, where we can merge and resolve conflicts without any hassle."
"The most valuable aspects of GitHub are version control and parallel development. I also appreciate the forking part, which allows us to release a specific set of features to the environment."
"The most valuable features of GitHub are the ease of integration into Microsoft Azure DevOps. The process that you need to deploy into Microsoft Azure becomes fairly simple and the templates are already available, a lot of the engineers find it easier to use."
"The ease of use is valuable."
"GitHub is the best tool for source repositories."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"The code coverage feature is very good."
"Can tweak rules and feed them into our build pipelines."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"The fact that the solution does security scanning is valuable."
"The overall quality of the indicator is good."
"We advise all of our developers to have this solution in place."
"I decided not to use GitHub but developed my tool because I found it more efficient. I'm familiar with my tools, making them easier to use. I like being able to customize them to fit my workflow and the way I think. Software development is like a personal workshop, and I tailor my version control to match my approach."
"We want to incorporate management comments within GitHub, making it more like a product management tool. We haven't done that yet. Another change we're considering is migrating from GitHub to Azure DevOps, especially now that Microsoft has introduced it."
"I would like to see more security where a plugin was available for us to update in relation to security."
"The security for this solution could be tightened up and improved."
"We would like this solution to have a more user-friendly interface."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"There is room for improvement in terms of interface."
"As of now, if I would like to learn about GitHub or its features, I would have to look on YouTube. It would be nice if they were able to send out a newsletter with explanations of new features that they are offering and what features are available."
"The product provides false reports sometimes."
"We could use some team support, but since we are using the community version, it's not available."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The solution could improve by having better consulting services."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
GitHub is ranked 9th in Application Security Tools with 74 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Surround SCM, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our GitHub vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.