We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The product prevents possible vulnerabilities in our network."
"We have worked with the support from SonarQube and we have had good experiences."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"It has very good scalability and stability."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"SonarQube is good for checking and maintaining code quality."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"All the features of the solution are quite good."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"There could be better management and faster scanning."
"The product should allow users to upload their payloads."
"There should be better visibility into the application."
"Deployment can be complicated."
"They should try to include business logic vulnerabilities in the scanner testing."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The pricing does not seem to be competitive."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"There are limitations to the free version that limit development options as far as languages."
"The product's user documentation can be vastly improved."
"I would like to see dynamic code analysis in the next version of the software."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Qualys Web Application Scanning vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.