We performed a comparison between Acunetix and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's most valuable feature is performance."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The usability and overall scan results are good."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"Our developers can run the attacks directly from their environments, desktops."
"The stability is good."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The solution is stable."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"The code coverage feature is very good."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The pricing is a bit on the higher side."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"Acunetix needs to improve its cost."
"There's a clear need for a reduction in pricing to make the service more accessible."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"There are limitations to the free version that limit development options as far as languages."
"Ease of use/interface."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"I would like to see more options for security, beyond the basics like SQL injection."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Acunetix is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Tenable Nessus, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Acunetix vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.