We performed a comparison between Parasoft SOAtest and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"They have a feature where they can record traffic and create tests on the report traffic."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Since the solution has both command line and automation options, it generates good reports."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part of the testing project that I’m currently in."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"The testing time is shortened because we generate test data automatically with SOAtest."
"We have seen a return on investment."
"It is very good at identifying technical debt."
"The most valuable function is its usability."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"This solution has the capability to analyze source code in almost all the languages in the market."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"It has very good scalability and stability."
"This solution has helped with the integration and building of our CICD pipeline."
"The overall quality of the indicator is good."
"The summary reports could be improved."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"Tuning the tool takes time because it gives quite a long list of warnings."
"Reporting facilities can be better."
"The performance could be a bit better."
"The product is very slow to start up, and that is a bit of a problem, actually."
"The handling of the contents of Docker container images could be better."
"I would like to see more options for security, beyond the basics like SQL injection."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"I would like to see dynamic code analysis in the next version of the software."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use Docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"We had some issues scanning the master branch, but when we upgraded to version 7.9, we noticed it does scan the master branch, but we had to do a workaround for it to happen. This process could be improved in a future release."
Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 111 reviews. Parasoft SOAtest is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Parasoft SOAtest is most compared with Postman, Coverity, Polyspace Code Prover, Klocwork and ReadyAPI, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.