We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It is a very stable solution."
"The product prevents possible vulnerabilities in our network."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"It is a good product for website penetration testing to detect vulnerabilities."
"The interface is user-friendly and easy to understand."
"It is a cloud-based solution, so it is easy to scale."
"It provides the security that is required from a solution for financial businesses."
"SonarQube is scalable. My company has 50 users."
"If you want to have your code scanned and timed then this is a good tool."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"We advise all of our developers to have this solution in place."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"They should try to include business logic vulnerabilities in the scanner testing."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The software’s pricing could be improved."
"The support could be faster."
"The reporting contains too many false positives."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There should be better visibility into the application."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"I have found this solution creates more noise than competitors."
"Lacks sufficient visibility and documentation."
"The BPM language is important and should be considered in SonarQube."
"SonarQube could improve its static application security testing as per the industry standard."
"I would like to see more options for security, beyond the basics like SQL injection."
"There could be better integration with other products."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.