We performed a comparison between Polyspace Code Prover and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The product detects memory corruptions."
"Polyspace Code Prover is a very user-friendly tool."
"The outputs are very reliable."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"The initial setup is simple. It requires some security, but it's simple."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"The software quality gate streamlines the product's quality."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"The SonarQube dashboard looks great."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The solution's user interface is very user-friendly."
"Using Code Prover on large applications crashes sometimes."
"The tool has some stability issues."
"Automation could be a challenge."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Polyspace Code Prover is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Polyspace Code Prover is most compared with Coverity, Klocwork, CodeSonar, Parasoft SOAtest and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Polyspace Code Prover vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.