We performed a comparison between Fortify Application Defender and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Its ability to find security defects is valuable."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The product saves us cost and time."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is that it analyzes data in real-time."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"It is very good at identifying technical debt."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"Can tweak rules and feed them into our build pipelines."
"The code coverage feature is very good."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The solution is quite expensive."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"I encountered many false positives for Python applications."
"The workbench is a little bit complex when you first start using it."
"The false positive rate should be lower."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"It would be better if SonarQube provided a good UI for external configuration."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"There isn't a very good enterprise report."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"The product needs to integrate other security tools for security scanning."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Fortify Application Defender is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, Qualys Web Application Scanning and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.