We performed a comparison between SonarQube and Synopsys Defensics based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."I like that it has a better dashboard compared to Clockwork. It's also stable."
"The overall quality of the indicator is good."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"It's enabled us to improve software quality and help us to disseminate best practices."
"Can tweak rules and feed them into our build pipelines."
"The SonarQube dashboard looks great."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"We could use some team support, but since we are using the community version, it's not available."
"You may need to purchase add-ons to get the useability you desire."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"The BPM language is important and should be considered in SonarQube."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
Earn 20 points
SonarQube is ranked 1st in Application Security Tools with 108 reviews while Synopsys Defensics is ranked 5th in Fuzz Testing Tools. SonarQube is rated 8.0, while Synopsys Defensics is rated 8.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Defensics writes "Technical support provided protocol-specific documentation to prove that some positives were not false". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Synopsys Defensics is most compared with Snyk, Fortify on Demand, Invicti, HCL AppScan and PortSwigger Burp Suite Professional.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.