Compare CAST Application Intelligence Platform vs. SonarQube

CAST Application Intelligence Platform is ranked 2nd in Software Development Analytics with 1 review while SonarQube is ranked 1st in Software Development Analytics with 14 reviews. CAST Application Intelligence Platform is rated 5.0, while SonarQube is rated 7.4. The top reviewer of CAST Application Intelligence Platform writes "Source code has to be fed. Used for controlling the technical debt and code quality". On the other hand, the top reviewer of SonarQube writes "Great birds-eye view dashboard with detailed code metrics in the drill-down". CAST Application Intelligence Platform is most compared with SonarQube, Checkmarx and Micro Focus Fortify on Demand, whereas SonarQube is most compared with Veracode, Checkmarx and Micro Focus Fortify on Demand.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Hilal Emeksiz
Source code has to be fed. Used for controlling the technical debt and code quality.
Clean code writing with the help of issues. However, it has very few plugins to access different code repositories, so source code has to be fed.
Steven Gomez
Great birds-eye view dashboard with detailed code metrics in the drill-down
We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards... Read more »
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Used for controlling the technical debt and code quality.It supports most programming languages.

Read more »

The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.Strong code evaluation for budget-minded clients.If code coverage is a low number then that's of great value to me.SonarQube is good for checking and maintaining code quality.Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.We advise all of our developers to have this solution in place.If you want to have your code scanned and timed then this is a good tool.We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.

Read more »

Cons
It has very few plugins to access different code repositories, so source code has to be fed.Implementation could be made more simpler as it is complex.

Read more »

Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time.Expression of common vulnerabilities and exposures is not always current.I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it.I would like to see more options for security, beyond the basics like SQL injection.The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities.I would like to see dynamic code analysis in the next version of the software.The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.

Read more »

Pricing and Cost Advice
Information Not Available
A low cost long-term solution for non-critical situations.We are using the free, unlicensed version.The costs for this application, for the kind of job it does, are pretty decent.We're using their free Community Edition version.Some of the plugins that were previously free are not free now.The price point on SonarQube is good.

Read more »

report
See Which Vendors Are Best For You
Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
See Recommendations
390,232 professionals have used our research since 2012.
Ranking
2nd
out of 5 in Software Development Analytics
Views
4,914
Comparisons
3,674
Reviews
1
Average Words per Review
129
Avg. Rating
5.0
1st
out of 5 in Software Development Analytics
Views
66,297
Comparisons
55,497
Reviews
14
Average Words per Review
577
Avg. Rating
7.4
Top Comparisons
+ Add more products to compare
Veracode vs. SonarQube
Compared 29% of the time.
Checkmarx vs. SonarQube
Compared 19% of the time.
+ Add more products to compare
Also Known As
CAST AIPSonar
Learn
CAST
SonarQube
Video Not Available
Overview

CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

  • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
  • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
  • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
  • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

SonarQube is the central place to manage code quality, offering visual reporting on and across projects and enabling to replay the past to follow metrics evolution
Offer
Learn more about CAST Application Intelligence Platform
Learn More
Learn more about SonarQube
Learn More
Sample Customers
Steria, T-Systems MMS, Atos Origin, Accenture, CapgeminiBank of America, Siemens, Cognizant, Thales, Cisco, eBay
Top Industries
VISITORS READING REVIEWS
Software R&D Company45%
Government12%
Comms Service Provider8%
Insurance Company6%
REVIEWERS
Financial Services Firm36%
Healthcare Company7%
Government7%
Wireless Company7%
VISITORS READING REVIEWS
Software R&D Company36%
Comms Service Provider12%
Financial Services Firm8%
Media Company6%
Company Size
No Data Available
REVIEWERS
Small Business22%
Midsize Enterprise22%
Large Enterprise56%
VISITORS READING REVIEWS
Small Business17%
Midsize Enterprise3%
Large Enterprise80%

See also CAST Application Intelligence Platform Reviews, SonarQube Reviews, and our list of Best Software Development Analytics Companies.

We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.