We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The most valuable feature is the reporting, which is compliant with international standards."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"It is really accurate and the rate of false positives is very low."
"I would say that it is stable, as I am not aware of any major issues."
"The most valuable feature of this solution is that it is free."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"We've configured it to run on each commit, providing feedback on our software quality."
"SonarQube is good for checking and maintaining code quality."
"I like the by-default policies that are there, as they seem to cover most of what I need."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"There are some glitches with stability, and it is an area for improvement."
"The price of this solution is a little bit expensive."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"It needs better integration with mobile applications."
"AppSpider has some problems with the RAM needed while scanning."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"Integration could be better."
"I find it is light on the security side."
"A better design of the interface and add some new rules."
"Dynamic scanning is missing and there are some issues with security scanning."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"We could use some team support, but since we are using the community version, it's not available."
"Lacks sufficient visibility and documentation."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.