We performed a comparison between Fortify Application Defender and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The product saves us cost and time."
"The solution helped us to improve the code quality of our organization."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The solution is stable."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"The most valuable features are the analysis and detection of issues within the application code."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"It's enabled us to improve software quality and help us to disseminate best practices."
"This solution has helped with the integration and building of our CICD pipeline."
"The most valuable features are the segregation containment and the suspension of product services."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The false positive rate should be lower."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"I encountered many false positives for Python applications."
"Fortify Application Defender gives a lot of false positives."
"Support for older compilers/IDEs is lacking."
"The solution is quite expensive."
"The workbench is a little bit complex when you first start using it."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"The product provides false reports sometimes."
"We could use some team support, but since we are using the community version, it's not available."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Fortify Application Defender is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, Qualys Web Application Scanning and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Fortify Application Defender vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.