We performed a comparison between Qualys Web Application Scanning and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The vulnerability management feature is a strong one. And also the patch management feature."
"The interface is user-friendly and easy to understand."
"It works with many different products."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"It is working fine. It provides a good value for money."
"SonarQube is admin friendly."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"It should have better automatic reporting."
"The reporting contains too many false positives."
"There should be better visibility into the application."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"They should try to include business logic vulnerabilities in the scanner testing."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The product's pricing could be better."
"The security in SonarQube could be better."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"Ease of use/interface."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"The pricing could be reduced a bit. It's a little expensive."
"There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products."
"SonarQube could improve its static application security testing as per the industry standard."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Qualys Web Application Scanning is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.