We performed a comparison between Digital.ai Application Security and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."I used the tool to prepare for the interview as a Business Developer. It helped me improve my understanding on software security."
"The initial setup is simple. It requires some security, but it's simple."
"The overall quality of the indicator is good."
"If you want to have your code scanned and timed then this is a good tool."
"SonarQube is admin friendly."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"I would like the tool to integrate AI and automation that is dedicated to detecting software vulnerabilities."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"The product's user documentation can be vastly improved."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"Lacks sufficient visibility and documentation."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
Digital.ai Application Security is ranked 36th in Application Security Tools with 1 review while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Digital.ai Application Security is rated 6.0, while SonarQube is rated 8.0. The top reviewer of Digital.ai Application Security writes "Helps to improve knowledge on software security ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Digital.ai Application Security is most compared with PortSwigger Burp Suite Professional and Fortify Application Defender, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.