We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The SonarQube dashboard looks great."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"The most valuable feature of this solution is that it is free."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"Provides local scanning for developers."
"The overall quality of the indicator is good."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"They should try to include business logic vulnerabilities in the scanner testing."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"There could be better management and faster scanning."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The product should allow users to upload their payloads."
"It should have better automatic reporting."
"The pricing does not seem to be competitive."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"It would be better if SonarQube provided a good UI for external configuration."
"The pricing could be reduced a bit. It's a little expensive."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.