We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"It is a good product for website penetration testing to detect vulnerabilities."
"It works with many different products."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The most valuable features are the segregation containment and the suspension of product services."
"The most valuable features are the analysis and detection of issues within the application code."
"The product should allow users to upload their payloads."
"It should have better automatic reporting."
"The product's pricing could be better."
"The software’s pricing could be improved."
"The virus code updates are not frequent enough."
"In certain cases, this product does have false positives, which the company should work on."
"There should be better visibility into the application."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"We did have some trouble with the LDAP integration for the console."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"I think the code security can be improved."
"The reporting can be improved."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"I find it is light on the security side."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.