We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The solution can scale."
"You can write the code with AI. But when it comes to implementation, you must upgrade the bits of code that will support this and generate solutions based on that architecture. Then, you need comparable code bits. Therefore, AI can propose how much a specific function can be better optimized. So, AI can help stakeholders reach tasks quicker."
"Has great integration with third-party tools."
"I find the most valuable collaboration between our peers to be a seamless collaboration between our peers. We can connect and change our code, allowing us to be agile in our projects. Since we're talking about DevOps, we're using Jenkins in our pipeline. It helps speed up the process by automating the DevOps workflow."
"GitHub provides the SFH key to protect our passwords and connection."
"Even if I'm not in the office, I can access and work on my code from anywhere with my account credentials."
"The most valuable aspects of GitHub are version control and parallel development. I also appreciate the forking part, which allows us to release a specific set of features to the environment."
"The control is the most valuable feature as developers can work on a single code."
"I follow Quality Gate's graduation model within the organization, and it is extremely helpful for me to benchmark products."
"It is a very good tool for analysis despite its limitations."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"Strong code evaluation for budget-minded clients."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"SonarQube is scalable. My company has 50 users."
"The solution has a plug-in that supports both C and C++ languages."
"It is difficult to merge a code or restore it to an older version."
"The solution needs some more controls for deleting code."
"The support team needs to have a well-defined SLA model since it is an area where the tool currently has some shortcomings."
"GitHub needs more storage."
"The security for this solution could be tightened up and improved."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"The UI is a little outdated, so that could be improved."
"The onboarding process could be simplified."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The product needs to integrate other security tools for security scanning."
"The solution could improve by having better consulting services."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"It would be better if SonarQube provided a good UI for external configuration."
"The reporting can be improved."
GitHub is ranked 9th in Application Security Tools with 75 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Qualys Web Application Scanning, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.