We performed a comparison between SonarQube and Synopsys Code Dx based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The SonarQube dashboard looks great."
"It is a very good tool for analysis despite its limitations."
"SonarQube is a fantastic tool which saves us precious time."
"The solution has a plug-in that supports both C and C++ languages."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The solution is stable."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"The solution could improve by having better-consulting services."
"The security in SonarQube could be better."
"There isn't a very good enterprise report."
"Code security scanning could be improved."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
SonarQube is ranked 1st in Application Security Testing (AST) with 110 reviews while Synopsys Code Dx is ranked 31st in Application Security Testing (AST) with 1 review. SonarQube is rated 8.0, while Synopsys Code Dx is rated 0.0. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Synopsys Code Dx is most compared with Veracode, Checkmarx One and Coverity.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.