We performed a comparison between Contrast Security Protect and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product gives a few false positives. We get 99 percent true positives."
"Protect provides us with more in-depth visibility into ongoing attacks."
"The solution has excellent real-time capabilities."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"We advise all of our developers to have this solution in place."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"If code coverage is a low number then that's of great value to me."
"There is a free version."
"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"Contrast Security Protect needs to improve integration."
"There's room for improvement in the initial setup."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
"You may need to purchase add-ons to get the useability you desire."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"I would like to see dynamic code analysis in the next version of the software."
"I have found this solution creates more noise than competitors."
Contrast Security Protect is ranked 33rd in Application Security Tools with 3 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Contrast Security Protect is rated 8.4, while SonarQube is rated 8.0. The top reviewer of Contrast Security Protect writes "It provides us with more in-depth visibility into ongoing attacks". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Contrast Security Protect is most compared with Fortify on Demand, Snyk, Tenable.io Web Application Scanning and Sonatype Lifecycle, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Contrast Security Protect vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.