We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The vulnerability management feature is a strong one. And also the patch management feature."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The interface is user-friendly and easy to understand."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It is a very stable solution."
"I like that it covers most programming languages for source code review."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"If you want to have your code scanned and timed then this is a good tool."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, which are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards coding standards that empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The product has a friendly UI that is easy to use and understand."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The product should allow users to upload their payloads."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The solution needs to adjust its pricing. They should make it more affordable."
"The reporting contains too many false positives."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"They should try to include business logic vulnerabilities in the scanner testing."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"There should be better visibility into the application."
"The product needs to integrate other security tools for security scanning."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"The security in SonarQube could be better."
"We could use some team support, but since we are using the community version, it's not available."
"I have found this solution creates more noise than competitors."
"The reporting can be improved."
"Currently requires multiple tools, lacking one overall tool."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.