We performed a comparison between HCL AppScan and SonarQube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SonarQube offers better integration capabilities than HCL AppScan. Additionally, SonarQube users are happier with the pricing. For these reasons, SonarQube is the more desirable product in this comparison.
"The UI was very intuitive."
"You can easily find particular features and functions through the UI."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The solution offers services in a few specific development languages."
"We are now deploying fewer defects to production."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"Compared to other tools only AppScan supports special language."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The fact that the solution does security scanning is valuable."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"We have worked with the support from SonarQube and we have had good experiences."
"The product is simple."
"The solution is stable."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"HCL AppScan needs to improve security."
"They have to improve support."
"There is not a central management for static and dynamic."
"Sometimes it doesn't work so well."
"They could add a software component analysis tool."
"The pricing has room for improvement."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"A desktop version should be added."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"I think the code security can be improved."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"Monitoring is a feature that can be improved in the next version."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. HCL AppScan is rated 7.8, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". HCL AppScan is most compared with Veracode, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity and Veracode. See our HCL AppScan vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.