Fortra Tripwire IP360 vs HCL AppScan vs SonarQube comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo
5,763 views|4,452 comparisons
Sonar Logo
57,256 views|45,052 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortra Tripwire IP360, HCL AppScan, and SonarQube based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management.
To learn more, read our detailed Vulnerability Management Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We could manage our entire IP range with the solution.""Tripwire IP360 is a very stable solution.""It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."

More Fortra Tripwire IP360 Pros →

"The solution is easy to use.""For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.""Compared to other tools only AppScan supports special language.""The most valuable feature of the solution is Postman.""It provides a better integration for our ecosystem.""Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.""Technical support is helpful.""You can easily find particular features and functions through the UI."

More HCL AppScan Pros →

"The product is simple.""Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors.""We advise all of our developers to have this solution in place.""SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications.""The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability.""The solution has a plug-in that supports both C and C++ languages.""It is a very good tool for analysis and security vulnerability checking.""There are many options and examples available in the tool that help us fix the issues it shows us."

More SonarQube Pros →

Cons
"I am not very impressed by the technical support.""The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.""We need to dedicate time and resources to keep it running."

More Fortra Tripwire IP360 Cons →

"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper.""There is not a central management for static and dynamic.""The solution could improve by having a mobile version.""Many silly false positives are produced.""The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved.""The solution's scalability can be a matter of concern because one license runs on one machine only.""AppScan is too complicated and should be made more user-friendly.""Scans become slow on large websites."

More HCL AppScan Cons →

"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language.""If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time.""SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers.""There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have.""I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality.""An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case.""We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release.""We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."

More SonarQube Cons →

Pricing and Cost Advice
  • "I believe the price compares well within the market."
  • "The product was expensive for us."
  • More Fortra Tripwire IP360 Pricing and Cost Advice →

  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
  • More HCL AppScan Pricing and Cost Advice →

  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing"
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."
  • More SonarQube Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We could manage our entire IP range with the solution.
    Top Answer:The product was expensive for us. It was not cost-effective for how we used it to do the job. We didn't think it was… more »
    Top Answer:It's an enterprise-level tool. If we’re not putting it in everything, it's very expensive to maintain in terms of people… more »
    Top Answer:The product has valuable features for static and dynamic testing.
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not… more »
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by… more »
    Top Answer:I am not very familiar with SonarQube and their solutions, so I can not answer But if you are asking me about which… more »
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security… more »
    Ranking
    35th
    Views
    467
    Comparisons
    341
    Reviews
    1
    Average Words per Review
    592
    Rating
    6.0
    Views
    5,763
    Comparisons
    4,452
    Reviews
    17
    Average Words per Review
    339
    Rating
    7.2
    Views
    57,256
    Comparisons
    45,052
    Reviews
    18
    Average Words per Review
    397
    Rating
    8.0
    Comparisons
    Also Known As
    IP360
    IBM Security AppScan, Rational AppScan, AppScan
    Sonar
    Learn More
    Interactive Demo
    Fortra
    Demo Not Available
    HCLTech
    Demo Not Available
    Overview

    Tripwire IP360 is a powerful vulnerability management solution that identifies and prioritizes network vulnerabilities for remediation. It is highly effective in scanning devices and applications, improving security posture, ensuring compliance, and managing risks. 

    Users value its detailed reporting, user-friendly interface, and seamless integration with other security tools for efficient security management.

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages, including dozens of frameworks, the top DevOps platforms (GitLab, GitHub, Azure DevOps, and Bitbucket, and more), and the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    Sample Customers
    1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm18%
    Government9%
    Energy/Utilities Company8%
    REVIEWERS
    Government16%
    Transportation Company16%
    Financial Services Firm11%
    Comms Service Provider11%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government10%
    Manufacturing Company8%
    REVIEWERS
    Computer Software Company30%
    Financial Services Firm21%
    Comms Service Provider7%
    Insurance Company6%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company15%
    Manufacturing Company11%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    REVIEWERS
    Small Business25%
    Midsize Enterprise11%
    Large Enterprise64%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    REVIEWERS
    Small Business25%
    Midsize Enterprise15%
    Large Enterprise60%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise71%
    Buyer's Guide
    Vulnerability Management
    March 2024
    Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management. Updated: March 2024.
    765,234 professionals have used our research since 2012.