We performed a comparison between SonarQube and Synopsys Code Dx based on real PeerSpot user reviews.
"The code coverage feature is very good."
"All the features of the solution are quite good."
"This solution is simple to use and can be quickly deployed."
"Strong code evaluation for budget-minded clients."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to make adjustments to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"The BPM language is important and should be considered in SonarQube."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"Dynamic scanning is missing and there are some issues with security scanning."
"SonarQube could improve its static application security testing as per the industry standard."
"SonarQube can improve by scanning the internal library, which it currently does not do. We are looking for a solution for this."
"The security in SonarQube could be better."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews while Synopsys Code Dx is ranked 31st in Static Application Security Testing (SAST) with 1 review. SonarQube is rated 8.0, while Synopsys Code Dx is rated 0.0. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Synopsys Code Dx is most compared with Veracode, Checkmarx One and Coverity.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.