We performed a comparison between Apiiro and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The workflow automation is likely the best aspect of the solution."
"The solution's user interface is very user-friendly."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"We advise all of our developers to have this solution in place."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"The fact that the solution does security scanning is valuable."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"SonarQube could improve its static application security testing as per the industry standard."
"I have found this solution creates more noise than competitors."
"The handling of the contents of Docker container images could be better."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"SonarQube is not development-centric like Snyk."
"Technical support and the price could be better."
"We could use some team support, but since we are using the community version, it's not available."
Apiiro is ranked 21st in Static Application Security Testing (SAST) with 2 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 110 reviews. Apiiro is rated 8.6, while SonarQube is rated 8.0. The top reviewer of Apiiro writes "A great secrets detection feature, good visibility, and integrates well". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Apiiro is most compared with Snyk, Ox Security, Cycode, Semgrep Supply Chain and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.