We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"This product is designed for easy scalability and can easily scale up without major challenges."
"The interface is user-friendly and easy to understand."
"The vulnerability management feature is a strong one. And also the patch management feature."
"It is a very stable solution."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"We have worked with the support from SonarQube and we have had good experiences."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The pricing does not seem to be competitive."
"There could be better management and faster scanning."
"The product's pricing could be better."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The product should allow users to upload their payloads."
"Deployment can be complicated."
"The virus code updates are not frequent enough."
"The reporting contains too many false positives."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"I would like to see dynamic code analysis in the next version of the software."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"There isn't a very good enterprise report."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"We could use some team support, but since we are using the community version, it's not available."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.