We performed a comparison between Check Point CloudGuard WAF and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."After integrating AppSec with other applications, team members can easily work without fear of confidential information exposure."
"The features I have found most valuable are the comprehensive threat prevention capabilities, automated policy management, and seamless integration with cloud environments."
"The tool helps us to block IPs and applications."
"With the solution, we managed to obtain complete comprehensive visibility of the entire environment in the cloud, thus having better control of each of the resources."
"Whenever there was a new CVE, Check Point CloudGuard WAF used to block them."
"We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results."
"The first valuable feature is that it is not a complex process to get it up and running. It was not complex at all. We were in a close relationship with the team that developed the app, and it worked in a few hours. The second valuable feature is the information that comes out of it."
"It offers good functionality of the application that is currently running."
"The software quality gate streamlines the product's quality."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"All the features of the solution are quite good."
"There is a free version."
"The most valuable function is its usability."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The coding configurations can be simplified to save time for IT teams and developers."
"Improving the process for handling licensing renewals would be a welcome enhancement."
"The creation of security profiles for each application takes a lot of time."
"For the next release, I would suggest considering features like enhanced threat intelligence integration."
"There are occasions when it interfaces with other systems, leading to a loss of visibility."
"I feel like I need more clarity in understanding pricing for DDoS protection."
"It was costlier than other solutions."
"The trial version should be extended further so that QA test engineers can actually test the utilities in a real sense and can provide the maximum amount of feedback for enhancements."
"I have found this solution creates more noise than competitors."
"The documentation is not clear and it needs to be updated."
"Currently requires multiple tools, lacking one overall tool."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
Check Point CloudGuard WAF is ranked 11th in Application Security Tools with 30 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Check Point CloudGuard WAF is rated 9.0, while SonarQube is rated 8.0. The top reviewer of Check Point CloudGuard WAF writes "Automation capabilities also help streamline security processes and smooths down API integration processes and detects API availability". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Check Point CloudGuard WAF is most compared with Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Check Point CloudGuard WAF vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.