We performed a comparison between HCL AppScan and Sonarqube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Sonarqube offers better integration capabilities than HCL AppScan. Additionally, Sonarqube users are happier with the pricing. For these reasons, Sonarqube is the more desirable product in this comparison.
"It provides a better integration for our ecosystem."
"Compared to other tools, only AppScan supports special language."
"The most valuable feature of the solution is Postman."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The UI was very intuitive."
"The solution is easy to use."
"The static scans are good, and the SaaS as well."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"There's plenty of documentation available to users."
"The customizable dashboard, and the ability to include results and coverage from unit tests and other static code analysis tools."
"It is very good at identifying technical debt."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"We consider it a handy tool that helps to resolve our issues immediately."
"Can tweak rules and feed them into our build pipelines."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"SonarQube is scalable. My company has 50 users."
"One thing which I think can be improved is the CI/CD integration."
"It has crashed at times."
"In future releases, I would like to see more aggressive reports. I would also like to see fewer false positives."
"There is no central management for static and dynamic."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM's products."
"Scans become slow on large websites."
"Expression of common vulnerabilities and exposures is not always current."
"Currently requires multiple tools, lacking one overall tool."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
HCL AppScan is ranked 15th in Application Security Tools with 40 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. HCL AppScan is rated 7.6, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". HCL AppScan is most compared with Veracode, Acunetix, PortSwigger Burp Suite Professional, OWASP Zap and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity and Veracode. See our HCL AppScan vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.