We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The interface is user-friendly and easy to understand."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"Before you even compile, it can catch known vulnerability issues or patterns."
"It has very good scalability and stability."
"The most valuable features are the analysis and detection of issues within the application code."
"It is a very good tool for analysis despite its limitations."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"There should be better visibility into the application."
"The support could be faster."
"The product should allow users to upload their payloads."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine-tune the algorithm to be able to reduce the number of false positives being detected."
"In certain cases, this product does have false positives, which the company should work on."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"Technical support and the price could be better."
"The product's user documentation can be vastly improved."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"A better design of the interface and add some new rules."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.