We performed a comparison between Apiiro and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The workflow automation is likely the best aspect of the solution."
"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The product itself has a friendly UI."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"It is a very good tool for analysis and security vulnerability checking."
"SonarQube is a fantastic tool which saves us precious time."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"I would like to see more options for security, beyond the basics like SQL injection."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"Expression of common vulnerabilities and exposures is not always current."
"SonarQube is not development-centric like Snyk."
Apiiro is ranked 21st in Static Application Security Testing (SAST) with 2 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 110 reviews. Apiiro is rated 8.6, while SonarQube is rated 8.0. The top reviewer of Apiiro writes "A great secrets detection feature, good visibility, and integrates well". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Apiiro is most compared with Snyk, Ox Security, Cycode, Semgrep Supply Chain and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Apiiro vs. SonarQube report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.