We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a cloud-based solution, so it is easy to scale."
"It works with many different products."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The vulnerability management feature is a strong one. And also the patch management feature."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The product has a friendly UI that is easy to use and understand."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"If code coverage is a low number then that's of great value to me."
"The product is simple."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"It is a very good tool for analysis despite its limitations."
"The product should allow users to upload their payloads."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The pricing does not seem to be competitive."
"The product's pricing could be better."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The reporting contains too many false positives."
"There are limitations to the free version that limit development options as far as languages."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"I would like to see dynamic code analysis in the next version of the software."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"Monitoring is a feature that can be improved in the next version."
"There needs to be a shareable reporting piece or something we can click and generate easily."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 11 reviews while SonarQube is ranked 1st in Application Security Tools with 18 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "Operates as a DAST tool, examining the application from an external perspective to identify security issues". On the other hand, the top reviewer of SonarQube writes "A stable solution that needs to make its enterprise version and support available to users in Thailand". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx, SonarCloud, Coverity, Veracode and Snyk. See our Qualys Web Application Scanning vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.