We performed a comparison between ShiftLeft and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"It is a good deal compared to all other tools on the market."
"SonarQube is a fantastic tool which saves us precious time."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"I would like to see more options for security, beyond the basics like SQL injection."
"The product must improve security analysis."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The solution could improve by providing more advanced technologies."
"We could use some team support, but since we are using the community version, it's not available."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
ShiftLeft is ranked 26th in Application Security Tools with 1 review while SonarQube is ranked 1st in Application Security Tools with 110 reviews. ShiftLeft is rated 10.0, while SonarQube is rated 8.0. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". ShiftLeft is most compared with Black Duck and Semgrep Supply Chain, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.