We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It is a very stable solution."
"The product prevents possible vulnerabilities in our network."
"It works with many different products."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The software quality gate streamlines the product's quality."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"The product has a friendly UI that is easy to use and understand."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"I like that it covers most programming languages for source code review."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The software’s pricing could be improved."
"There should be better visibility into the application."
"In certain cases, this product does have false positives, which the company should work on."
"The reporting contains too many false positives."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The pricing does not seem to be competitive."
"They should try to include business logic vulnerabilities in the scanner testing."
"The product must improve security analysis."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"The handling of the contents of Docker container images could be better."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"Ease of use/interface."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Qualys Web Application Scanning vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.