We performed a comparison between SonarQube and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a very good tool for analysis and security vulnerability checking."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"It has very good scalability and stability."
"I like that it helps us maintain our work quality and code security."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"The most effective feature of the product is the ability to scan the entire environment."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The solution's instant reports feature is the most effective for detecting threats."
"The initial setup is straightforward."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"The product's pricing could be lower."
"There isn't a very good enterprise report."
"Code security scanning could be improved."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The dashboard could be more user-friendly."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The solution's dashboards could be improved and made more user-friendly."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
SonarQube is ranked 1st in Application Security Tools with 108 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. SonarQube is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional, Fortify on Demand and Invicti.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.