We performed a comparison between CAST Application Intelligence Platform and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Software Development Analytics solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."
"It supports most programming languages."
"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."
"Used for controlling the technical debt and code quality."
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."
"The SonarQube dashboard looks great."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"It is working fine. It provides a good value for money."
"The fact that the solution does security scanning is valuable."
"The solution is stable."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"It has very few plugins to access different code repositories, so source code has to be fed."
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."
"The integration of this solution could be improved."
"Implementation could be made more simpler as it is complex."
"I find it is light on the security side."
"The product needs to integrate other security tools for security scanning."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"The product's user documentation can be vastly improved."
"The BPM language is important and should be considered in SonarQube."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"Expression of common vulnerabilities and exposures is not always current."
"It would be better if SonarQube provided a good UI for external configuration."
More CAST Application Intelligence Platform Pricing and Cost Advice →
CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while SonarQube is ranked 1st in Software Development Analytics with 112 reviews. CAST Application Intelligence Platform is rated 7.0, while SonarQube is rated 8.0. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CAST Application Intelligence Platform is most compared with Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our CAST Application Intelligence Platform vs. SonarQube report.
See our list of best Software Development Analytics vendors.
We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.