We performed a comparison between Invicti and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"I am impressed with Invicti's proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"I like that it's stable and technical support is great."
"Its ability to crawl a web application is quite different than another similar scanner."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"The solution's user interface is very user-friendly."
"There is a free version."
"SonarQube is good for checking and maintaining code quality."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"I like that it covers most programming languages for source code review."
"The solution has a plug-in that supports both C and C++ languages."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The scannings are not sufficiently updated."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The scanner itself should be improved because it is a little bit slow."
"The support's response time could be faster since we are in different time zones."
"The custom attack preparation screen might be improved."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"Monitoring is a feature that can be improved in the next version."
"There isn't a very good enterprise report."
Invicti is ranked 20th in Application Security Tools with 25 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Invicti is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Synopsys Defensics, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Invicti vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.