We performed a comparison between Check Point CloudGuard WAF and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its ability to adapt to our applications and ensure our security policies are followed is a big plus."
"Its main value and what we liked the most is its powerful AI."
"The solution's strongest point is that you can connect everything to it, giving you a full view of what's connected."
"The app control is very sensitive, and the threat detection and prevention is better than other Check Point solutions. There is a centralized management console for threat protection and self-inspection."
"They offer free trials, which is quite appreciative and grabs more attention from new users and businesses."
"The tool performs device health checkups and updates us. It helps us to be compliant with regulatory policies."
"With the solution, we managed to obtain complete comprehensive visibility of the entire environment in the cloud, thus having better control of each of the resources."
"The solution offers continuous security monitoring and alerting, which can help organizations detect and respond to security incidents in real time."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"SonarQube is admin friendly."
"It is a very good tool for analysis despite its limitations."
"There is a free version."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"I do not know if it is already there, but I would like to have complete visibility between the posture management and firewall as a service."
"The trial version should be extended further so that QA test engineers can actually test the utilities in a real sense and can provide the maximum amount of feedback for enhancements."
"It was costlier than other solutions."
"In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better."
"A feature we'd like to see in the future is something that could protect against other attack vectors, with a focus on application protection."
"I advise proactive threat detection intelligence offline, which can also help monitor and ensure system checks and compliances are in place."
"Check Point CloudGuard Application Security needs to improve updates on integrations. It also needs to incorporate real-time monitoring features."
"There are occasions when it interfaces with other systems, leading to a loss of visibility."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"I have found this solution creates more noise than competitors."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
Check Point CloudGuard WAF is ranked 11th in Application Security Tools with 30 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Check Point CloudGuard WAF is rated 9.0, while SonarQube is rated 8.0. The top reviewer of Check Point CloudGuard WAF writes "Automation capabilities also help streamline security processes and smooths down API integration processes and detects API availability". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Check Point CloudGuard WAF is most compared with Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Check Point CloudGuard WAF vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.