We compared HCL AppScan and SonarQube across four categories, based on our users' reviews. After reviewing all of the collected data, we reached the conclusion below.
Comparison Results: SonarQube offers better integration capabilities than HCL AppScan, and SonarQube users are happier with its pricing. For these reasons, SonarQube is the more desirable product in this comparison.
"I like the recording feature."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean every time. So it's less cost, less effort, less time to production."
"The security and the dashboard are the most valuable features."
"The reporting part is the most valuable feature."
"The most valuable feature of HCL AppScan is scanning QR codes."
"This solution saves us time due to the low number of false positives detected."
"There's extensive functionality with custom rules and a custom knowledge base."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"There is a free version."
"This solution has the capability to analyze source code in almost all the languages in the market."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"SonarQube is admin friendly."
"It is a very good tool for analysis despite its limitations."
"The stability is good."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"They could add a software component analysis tool."
"We would like to see a check for specific vulnerabilities in mobile applications or rooted devices, such as jailbroken devices."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The dashboard for AppScan, or the Fortified fast tool which we use, needs to be improved."
"There is room for improvement in the pricing model."
"A better design for the interface, and adding some new rules."
"This is a well-rounded solution; however, some features could be made available in the free version. The price of the solution could be reduced."
"The product's user documentation can be vastly improved."
"The pricing could be reduced a bit. It's a little expensive."
"It would be better if SonarQube provided a good UI for external configuration."
"I would like to see more options for security, beyond the basics like SQL injection."
"Monitoring is a feature that can be improved in the next version."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews, while SonarQube is ranked 1st in Application Security Tools with 112 reviews. HCL AppScan is rated 7.8, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". HCL AppScan is most compared with Veracode, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity and Veracode. See our HCL AppScan vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.