We performed a comparison between HCL AppScan, SonarQube, and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"We are now deploying fewer defects to production."
"This is a stable solution."
"Compared to other tools only AppScan supports special language."
"The most valuable feature of the solution is the scanning or security part."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"We use it as a security testing application."
"The most valuable feature of the solution is Postman."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"Before you even compile, it can catch known vulnerability issues or patterns."
"Improves the code coverage and evaluates the technical steps and percentage of code being resolved."
"Strong code evaluation for budget-minded clients."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The software quality gate streamlines the product's quality."
"Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"The stability is great. We haven't had any issues at all with it."
"Scans become slow on large websites."
"It has crashed at times."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"IBM Security AppScan Source is rather hard to use."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The product has some technical limitations."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"A better design of the interface and add some new rules."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"The product's pricing could be lower."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."