We performed a comparison between SonarQube and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very good at identifying technical debt."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"Can tweak rules and feed them into our build pipelines."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"It is fully automated."
"The most effective feature of the product is the ability to scan the entire environment."
"The initial setup is straightforward."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"It should be user-friendly."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"We did have some trouble with the LDAP integration for the console."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"The product provides false reports sometimes."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The dashboard could be more user-friendly."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"The report customization needs to be better."
"It isn't easy to manage vulnerabilities in Tenable."
"It would be great if there were a dashboard that is more user-friendly."
"The solution's dashboards could be improved and made more user-friendly."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
SonarQube is ranked 1st in Application Security Tools with 112 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. SonarQube is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and Invicti. See our SonarQube vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.