We performed a comparison between CAST Application Intelligence Platform and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Software Development Analytics solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It supports most programming languages."
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."
"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."
"CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."
"Used for controlling the technical debt and code quality."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"The initial setup is simple. It requires some security, but it's simple."
"The product itself has a friendly UI."
"The solution is stable."
"This solution has helped with the integration and building of our CICD pipeline."
"It has very few plugins to access different code repositories, so source code has to be fed."
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."
"Implementation could be made more simpler as it is complex."
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."
"The integration of this solution could be improved."
"I would like to see dynamic code analysis in the next version of the software."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"The pricing could be reduced a bit. It's a little expensive."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The product needs to integrate other security tools for security scanning."
More CAST Application Intelligence Platform Pricing and Cost Advice →
CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while SonarQube is ranked 1st in Software Development Analytics with 108 reviews. CAST Application Intelligence Platform is rated 7.0, while SonarQube is rated 8.0. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CAST Application Intelligence Platform is most compared with Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our CAST Application Intelligence Platform vs. SonarQube report.
See our list of best Software Development Analytics vendors.
We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.