We performed a comparison between ShiftLeft and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"The static code analysis is very good."
"If code coverage is a low number then that's of great value to me."
"The product has a friendly UI that is easy to use and understand."
"There is a free version."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"Provides local scanning for developers."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"I think the code security can be improved."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"There isn't a very good enterprise report."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
ShiftLeft is ranked 26th in Application Security Tools with 1 review while SonarQube is ranked 1st in Application Security Tools with 112 reviews. ShiftLeft is rated 10.0, while SonarQube is rated 8.0. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". ShiftLeft is most compared with Black Duck, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.