We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a very stable solution."
"The interface is user-friendly and easy to understand."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"It is easy to use."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"It is a good product for website penetration testing to detect vulnerabilities."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"This solution is simple to use and can be quickly deployed."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The most valuable features are the segregation containment and the suspension of product services."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"It is working fine. It provides a good value for money."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"There should be better visibility into the application."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The product should allow users to upload their payloads."
"There should be better visibility into the application."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"We could use some team support, but since we are using the community version, it's not available."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"The security in SonarQube could be better."
"SonarQube is not development-centric like Snyk."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"The pricing could be reduced a bit. It's a little expensive."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.