We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a very stable solution."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"It works with many different products."
"The product prevents possible vulnerabilities in our network."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"It is a cloud-based solution, so it is easy to scale."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The vulnerability management feature is a strong one. And also the patch management feature."
"SonarQube is scalable. My company has 50 users."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"SonarQube is a fantastic tool which saves us precious time."
"It is a very good tool for analysis and security vulnerability checking."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The pricing does not seem to be competitive."
"The virus code updates are not frequent enough."
"It should have better automatic reporting."
"The solution needs to adjust its pricing. They should make it more affordable."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"There should be better visibility into the application."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
"The product provides false reports sometimes."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Qualys Web Application Scanning vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.