We performed a comparison between Acunetix and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Overall, it's a very good tool and a very good engine."
"I haven't seen reporting of that level in any other tool."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"The usability and overall scan results are good."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The product itself has a friendly UI."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"SonarQube is good for checking and maintaining code quality."
"The code coverage feature is very good."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"Acunetix needs to improve its cost."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The vulnerability identification speed should be improved."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"The pricing is a bit on the higher side."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"Monitoring is a feature that can be improved in the next version."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"The product needs to integrate other security tools for security scanning."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"I would like to see dynamic code analysis in the next version of the software."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Acunetix is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Tenable Nessus, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Acunetix vs. SonarQube report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.