We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"It is easy to use."
"It is a good product for website penetration testing to detect vulnerabilities."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"I follow Quality Gate's graduation model within the organization, and it is extremely helpful for me to benchmark products."
"It is very good at identifying technical debt."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"There is a free version."
"There could be better management and faster scanning."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"In certain cases, this product does have false positives, which the company should work on."
"The virus code updates are not frequent enough."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The support could be faster."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"We did have some trouble with the LDAP integration for the console."
"The solution could improve by having better consulting services."
"SonarQube is not development-centric like Snyk."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"The reporting can be improved."
"Ease of use/interface."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.