We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"It works with many different products."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"It is a good product for website penetration testing to detect vulnerabilities."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"The fact that the solution does security scanning is valuable."
"It is a good deal compared to all other tools on the market."
"I like that it covers most programming languages for source code review."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"SonarQube is good for checking and maintaining code quality."
"I like that it helps us maintain our work quality and code security."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"There could be better management and faster scanning."
"The virus code updates are not frequent enough."
"In certain cases, this product does have false positives, which the company should work on."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The reporting contains too many false positives."
"Deployment can be complicated."
"The support could be faster."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"The BPM language is important and should be considered in SonarQube."
"I have found this solution creates more noise than competitors."
"There isn't a very good enterprise report."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"SonarQube is not development-centric like Snyk."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Qualys Web Application Scanning vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.