We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"It is really accurate and the rate of false positives is very low."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"It scans all the components developed within a web application."
"The setup is usually straightforward."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"There's plenty of documentation available to users."
"It's enabled us to improve software quality and help us to disseminate best practices."
"There is a free version."
"SonarQube is a fantastic tool which saves us precious time."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"The dashboard and interface are crucial and they need some improvement."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"There are some glitches with stability, and it is an area for improvement."
"The tech support is responsive but issues remain unresolved."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"AppSpider has some problems with the RAM needed while scanning."
"Ease of use/interface."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"There are limitations to the free version that limit development options as far as languages."
"SonarQube is not development-centric like Snyk."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"Currently requires multiple tools, lacking one overall tool."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 111 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Rapid7 AppSpider vs. SonarQube report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.