We performed a comparison between CodeSonar and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The tool is very good for detecting memory leaks."
"CodeSonar’s most valuable feature is finding security threats."
"There is nice functionality for code surfing and browsing."
"It has been able to scale."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"There's plenty of documentation available to users."
"The code coverage feature is very good."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"It is a very good tool for analysis despite its limitations."
"Strong code evaluation for budget-minded clients."
"The stability is good."
"SonarQube is admin friendly."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"The scanning tool for core architecture could be improved."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"There could be a shared licensing model for the users."
"It was expensive."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"There isn't a very good enterprise report."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"You may need to purchase add-ons to get the usability you desire."
"The product's pricing could be lower."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"The product provides false reports sometimes."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. CodeSonar is rated 8.2, while SonarQube is rated 8.0. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CodeSonar is most compared with Coverity, Klocwork, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and HCL AppScan.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.