We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a good product for website penetration testing to detect vulnerabilities."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"It works with many different products."
"The interface is user-friendly and easy to understand."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"I like the by-default policies that are there, as they seem to cover most of what I need."
"Strong code evaluation for budget-minded clients."
"The software quality gate streamlines the product's quality."
"This solution has the capability to analyze source code in almost all the languages in the market."
"The static code analysis is very good."
"SonarQube is good for checking and maintaining code quality."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"They should try to include business logic vulnerabilities in the scanner testing."
"The software’s pricing could be improved."
"There should be better visibility into the application."
"The pricing does not seem to be competitive."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The reporting contains too many false positives."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"The solution could improve by having better-consulting services."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"I think the code security can be improved."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"SonarQube is not development-centric like Snyk."
"The solution could improve by providing more advanced technologies."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.