We performed a comparison between Polyspace Code Prover and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The outputs are very reliable."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"It easily ties into our continuous integration pipeline."
"The solution has a wide variety of features and an open-source community where you are able to learn Java, JavaScript, or any other programming language."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"The most valuable function is its usability."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"I'd like the data to be taken from any format."
"Automation could be a challenge."
"Using Code Prover on large applications crashes sometimes."
"One of the main disadvantages is the time it takes to initiate the first run."
"The tool has some stability issues."
"The solution could improve by providing more advanced technologies."
"If there were an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update, but it would be very helpful."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use Docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Polyspace Code Prover is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Polyspace Code Prover is most compared with Coverity, Klocwork, CodeSonar, Parasoft SOAtest and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Polyspace Code Prover vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.