We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"It is a very stable solution."
"The product prevents possible vulnerabilities in our network."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, that are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"It is a very good tool for analysis despite its limitations."
"We've configured it to run on each commit, providing feedback on our software quality."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The solution is stable."
"I like that it helps us maintain our work quality and code security."
"This solution is simple to use and can be quickly deployed."
"I like the by-default policies that are there, as they seem to cover most of what I need."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The virus code updates are not frequent enough."
"The product's pricing could be better."
"The software’s pricing could be improved."
"There should be better visibility into the application."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"There could be better management and faster scanning."
"The product should allow users to upload their payloads."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"A better design of the interface and add some new rules."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The solution could improve by having better consulting services."
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, Fortify WebInspect, PortSwigger Burp Suite Professional and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx, SonarCloud, Coverity, Veracode and Snyk. See our Qualys Web Application Scanning vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.