We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Complication free with good ability for third-party integrations."
"The solution has been stable for us."
"The most important feature of GitHub is the maintainability of the versions of the code."
"I have found GitHub stable."
"We are finding GitHub is very stable."
"The most valuable feature is the source code management. It's very helpful and it's a great product."
"The solution can scale."
"The product has a good UI. It's simple and easy to access, and technical help is easily available. The two-factor authentication security is another valuable feature."
"It provides the security that is required from a solution for financial businesses."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"SonarQube is a fantastic tool which saves us precious time."
"The solution offers a very good community edition."
"Strong code evaluation for budget-minded clients."
"It is very good at identifying technical debt."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"The user interface on GitLab is better."
"It would be better if the amount of storage were increased."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"The initial setup and implementation could be easier. I had some difficulties with it at first, but I don't have a development background."
"The storage for this solution could be improved."
"GitHub could expand the limits of the free version."
"GitHub could add more security features. I am not sure how secure it is. If they provide more security features, then it can be used in more official applications."
"GitHub should provide more integration in their next release, including integrating with Jenkins, CI/CD and Jira."
"Dynamic scanning is missing and there are some issues with security scanning."
"Ease of use/interface."
"The BPM language is important and should be considered in SonarQube."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"SonarQube could improve its static application security testing as per the industry standard."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
GitHub is ranked 13th in Application Security Tools with 64 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Atlassian SourceTree and Surround SCM, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.