We performed a comparison between Polyspace Code Prover and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The outputs are very reliable."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"The initial setup is simple. It requires some security, but it's simple."
"I like that it covers most programming languages for source code review."
"I'd like the data to be taken from any format."
"One of the main disadvantages is the time it takes to initiate the first run."
"Using Code Prover on large applications crashes sometimes."
"The tool has some stability issues."
"Automation could be a challenge."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"It would be better if SonarQube provided a good UI for external configuration."
"The solution could improve by providing more advanced technologies."
"Expression of common vulnerabilities and exposures is not always current."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"You may need to purchase add-ons to get the usability you desire."
"The BPM language is important and should be considered in SonarQube."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Polyspace Code Prover is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Polyspace Code Prover is most compared with Coverity, Klocwork, CodeSonar, Parasoft SOAtest and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.