We performed a comparison between SonarQube and Synopsys Code Dx based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).
"Strong code evaluation for budget-minded clients."
"Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"Provides local scanning for developers."
"We've configured it to run on each commit, providing feedback on our software quality."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"If code coverage is a low number then that's of great value to me."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"If there were an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update, but it would be very helpful."
"We could use some team support, but since we are using the community version, it's not available."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"The product provides false reports sometimes."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"A better design of the interface and add some new rules."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying SonarLint to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues, but this process should be improved."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews while Synopsys Code Dx is ranked 31st in Static Application Security Testing (SAST) with 1 review. SonarQube is rated 8.0, while Synopsys Code Dx is rated 0.0. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Synopsys Code Dx is most compared with Veracode, Checkmarx One and Coverity.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.