We performed a comparison between CAST Highlight and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"CAST Highlight is easy to use and has a good dashboard."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"If code coverage is a low number then that's of great value to me."
"It is working fine. It provides a good value for money."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"It is a good deal compared to all other tools on the market."
"This solution is simple to use and can be quickly deployed."
"It is a very good tool for analysis despite its limitations."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"The ease of configuration and customization could be improved in CAST Highlight."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"There's a bit of a learning curve at the outset."
"I find it is light on the security side."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"The handling of the contents of Docker container images could be better."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"I would like to see dynamic code analysis in the next version of the software."
"It would be better if SonarQube provided a good UI for external configuration."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"I am not very pleased with the technical debt computation."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. CAST Highlight is rated 7.8, while SonarQube is rated 8.0. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CAST Highlight is most compared with Checkmarx One, Snyk, Veracode, Black Duck and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and CodeSonar. See our CAST Highlight vs. SonarQube report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.