We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We use GitHub as a repository."
"The solution has been stable for us."
"This solution is just easy to use."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"We are finding GitHub is very stable."
"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"All the features are valuable, but the most important feature is that GitHub has advanced security. The second important feature is the capability to create custom GitHub actions and the capability to deploy in different types of architectural infrastructures, such as hybrid, private, or public."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"The solution offers a very good community edition."
"We consider it a handy tool that helps to resolve our issues immediately."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"There is a free version."
"We've configured it to run on each commit, providing feedback on our software quality."
"The most valuable features are the segregation containment and the suspension of product services."
"SonarQube is admin friendly."
"SonarQube is designed well, making it easy to use, simple to identify issues and find solutions to problems."
"GitHub could add more security features. I am not sure how secure it is. If they provide more security features, then it can be used in more official applications."
"GitHub could have better integration or capability with other solutions."
"I would like to see more security where a plugin was available for us to update in relation to security."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"We are not able to access GitHub from our VPN."
"GitHub needs to improve its UI."
"The solution could have better support for the Markdown language."
"The solution can improve by adding video guides, official guides, or short courses that cater to beginners who are new to the system. These resources could offer step-by-step guidance on how to use GitHub, including common procedures such as pulling and committing. Currently, many of us have to resort to searching for information on how to do these tasks via Google. An official guide provided by GitHub itself would be a valuable asset to newcomers and would save them time and effort."
"The handling of the contents of Docker container images could be better."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"It should be user-friendly."
"You may need to purchase add-ons to get the usability you desire."
"We did have some trouble with the LDAP integration for the console."
"Ease of use/interface."
"Expression of common vulnerabilities and exposures is not always current."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
GitHub is ranked 10th in Application Security Tools with 64 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and Helix Core, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.