We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It scans all the components developed within a web application."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"I would say that it is stable, as I am not aware of any major issues."
"It is really accurate and the rate of false positives is very low."
"The setup is usually straightforward."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"Offers multi-programming language support"
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The solution has a plug-in that supports both C and C++ languages."
"AppSpider has some problems with the RAM needed while scanning."
"There are some glitches with stability, and it is an area for improvement."
"The tech support is responsive but issues remain unresolved."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"The enterprise interface is too simple. It should be more customizable."
"The dashboard and interface are crucial and they need some improvement."
"The price of this solution is a little bit expensive."
"Expression of common vulnerabilities and exposures is not always current."
"I have found this solution creates more noise than competitors."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
"The product must improve security analysis."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"It should be user-friendly."
"The documentation is not clear and it needs to be updated."
Rapid7 AppSpider is ranked 26th in Static Application Security Testing (SAST) with 13 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.