We performed a comparison between Parasoft SOAtest and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Since the solution has both command line and automation options, it generates good reports."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"The solution is scalable."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Automatic testing is the most valuable feature."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"If you want to have your code scanned and timed then this is a good tool."
"The most valuable features are code scanning and Quality Gates."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"It has very good scalability and stability."
"It provides the security that is required from a solution for financial businesses."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"The product is very slow to start up, and that is a bit of a problem, actually."
"The summary reports could be improved."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"The performance could be a bit better."
"Reporting facilities can be better."
"Tuning the tool takes time because it gives quite a long list of warnings."
"UI testing should be more in-depth."
"The security in SonarQube could be better."
"Currently requires multiple tools, lacking one overall tool."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"Dynamic scanning is missing and there are some issues with security scanning."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 108 reviews. Parasoft SOAtest is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Parasoft SOAtest is most compared with Postman, Coverity, Polyspace Code Prover, Klocwork and ReadyAPI, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Parasoft SOAtest vs. SonarQube report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.