We performed a comparison between Acunetix, HCL AppScan, and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The usability and overall scan results are good."
"Overall, it's a very good tool and a very good engine."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Our developers can run the attacks directly from their environments, desktops."
"The solution is highly stable."
"Picks up weaknesses in our app setups."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The most valuable feature of the solution is the scanning or security part."
"The most valuable feature of the solution is Postman."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"We leverage it as a quality check against code."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"Technical support is helpful."
"The reporting part is the most valuable feature."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"We advise all of our developers to have this solution in place."
"The static code analysis is very good."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"The software quality gate streamlines the product's quality."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"While we do have it integrated with other solutions, it could still offer more integrations."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"The solution's pricing could be better."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Sometimes it doesn't work so well."
"There is room for improvement in the pricing model."
"The solution could improve by having a mobile version."
"Many silly false positives are produced."
"The product has some technical limitations."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"The product must improve security analysis."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"I would like to see dynamic code analysis in the next version of the software."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"The product's user documentation can be vastly improved."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."