We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a very stable solution."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"It is easy to use."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"SonarQube is admin friendly."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"It easily ties into our continuous integration pipeline."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"SonarQube is good for checking and maintaining code quality."
"The product's pricing could be better."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"In certain cases, this product does have false positives, which the company should work on."
"There could be better management and faster scanning."
"The pricing does not seem to be competitive."
"The virus code updates are not frequent enough."
"The product should allow users to upload their payloads."
"There isn't a very good enterprise report."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"The solution could improve by having better-consulting services."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.