We performed a comparison between HCL AppScan and Sonarqube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Sonarqube offers better integration capabilities than HCL AppScan. Additionally, Sonarqube users are happier with the pricing. For these reasons, Sonarqube is the more desirable product in this comparison.
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of the solution is Postman."
"The static scans are good, and the SaaS as well."
"The product has valuable features for static and dynamic testing."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"This solution saves us time due to the low number of false positives detected."
"This is a stable solution."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The solution has a wide variety of features and an open-source community through which you are able to learn Java, JavaScript, or any other programming language."
"The most valuable features are code scanning and Quality Gates."
"It's enabled us to improve software quality and help us to disseminate best practices."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"This solution has the capability to analyze source code in almost all the languages in the market."
"SonarQube is designed well, making it easy to use, simple to identify issues, and find solutions to problems."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"Sometimes it doesn't work so well."
"The solution could improve by having a mobile version."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"One thing which I think can be improved is the CI/CD integration."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"IBM Security AppScan Source is rather hard to use."
"It should be user-friendly."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"Expression of common vulnerabilities and exposures is not always current."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The interface could be a little better and should be enhanced."
"The handling of the contents of Docker container images could be better."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
HCL AppScan is ranked 14th in Application Security Tools with 19 reviews while SonarQube is ranked 1st in Application Security Tools with 18 reviews. HCL AppScan is rated 7.6, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A useful tool to scan applications that can be easily installed". On the other hand, the top reviewer of SonarQube writes "A stable solution that needs to make its enterprise version and support available to users in Thailand". HCL AppScan is most compared with Veracode, Acunetix, OWASP Zap, Fortify WebInspect and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx, SonarCloud, Coverity and Veracode.