We performed a comparison between SonarQube and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"All the features of the solution are quite good."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The solution is stable."
"The initial setup is straightforward."
"We can get detailed information about vulnerabilities."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"Tenable.io Web Application Scanning is very easy to use."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"Dynamic scanning is missing and there are some issues with security scanning."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"There are limitations to the free version that limit development options as far as languages."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"The pricing could be reduced a bit. It's a little expensive."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"The solution could improve by having better-consulting services."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"The report customization needs to be better."
"It would be great if there were a dashboard that is more user-friendly."
"The solution's dashboards could be improved and made more user-friendly."
"It isn't easy to manage vulnerabilities in Tenable."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
SonarQube is ranked 1st in Application Security Tools with 110 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. SonarQube is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and Invicti. See our SonarQube vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.