We performed a comparison between Contrast Security Protect and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Protect provides us with more in-depth visibility into ongoing attacks."
"The solution has excellent real-time capabilities."
"The product gives a few false positives. We get 99 percent true positives."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"The most valuable features are the analysis and detection of issues within the application code."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"It is a very good tool for analysis despite its limitations."
"Contrast Security Protect needs to improve integration."
"There's room for improvement in the initial setup."
"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"It should be user-friendly."
"The product's user documentation can be vastly improved."
"You may need to purchase add-ons to get the usability you desire."
Contrast Security Protect is ranked 32nd in Application Security Tools with 3 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Contrast Security Protect is rated 8.4, while SonarQube is rated 8.0. The top reviewer of Contrast Security Protect writes "It provides us with more in-depth visibility into ongoing attacks". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Contrast Security Protect is most compared with Fortify on Demand, Snyk, Tenable.io Web Application Scanning, Sonatype Lifecycle and HCL AppScan, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.