SonarQube vs. Tripwire IP360

As of June 2019, SonarQube is ranked 2nd in Application Security with 21 reviews vs Tripwire IP360 which is ranked 9th in Vulnerability Management with 2 reviews. The top reviewer of SonarQube writes "Great birds-eye view dashboard with detailed code metrics in the drill-down". The top reviewer of Tripwire IP360 writes "A mature and evolving solution that has become the pinnacle point for anything that enters the network". SonarQube is most compared with Veracode, Micro Focus Fortify on Demand and Checkmarx. Tripwire IP360 is most compared with Tenable Nessus, Qualys Web Application Scanning and Acunetix Vulnerability Scanner.
Cancel
You must select at least 2 products to compare!
SonarQube Logo
58,809 views|40,153 comparisons
Tripwire IP360 Logo
1,872 views|468 comparisons
Most Helpful Review
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: May 2019.
346,972 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Strong code evaluation for budget-minded clients.If code coverage is a low number then that's of great value to me.SonarQube is good for checking and maintaining code quality.Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.We advise all of our developers to have this solution in place.If you want to have your code scanned and timed then this is a good tool.We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.The most valuable function is its usability.

Read more »

It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed.

Read more »

Cons
Expression of common vulnerabilities and exposures is not always current.I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it.I would like to see more options for security, beyond the basics like SQL injection.The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities.I would like to see dynamic code analysis in the next version of the software.The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated.

Read more »

The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.

Read more »

Pricing and Cost Advice
A low cost long-term solution for non-critical situations.We are using the free, unlicensed version.The costs for this application, for the kind of job it does, are pretty decent.We're using their free Community Edition version.Some of the plugins that were previously free are not free now.The price point on SonarQube is good.The licence is standard open source licensingThis product is open source and very convenient.

Read more »

Information Not Available
report
Use our free recommendation engine to learn which Application Security solutions are best for your needs.
346,972 professionals have used our research since 2012.
Ranking
2nd
Views
58,809
Comparisons
40,153
Reviews
19
Average Words per Review
503
Avg. Rating
7.9
9th
Views
1,872
Comparisons
468
Reviews
1
Average Words per Review
529
Avg. Rating
6.0
Top Comparisons
Compared 26% of the time.
Compared 20% of the time.
Compared 39% of the time.
Also Known As
SonarIP360
Learn
SonarQube
Video Not Available
Tripwire
Overview
SonarQube is the central place to manage code quality, offering visual reporting on and across projects and enabling to replay the past to follow metrics evolution

Tripwire IP360 delivers risk-based vulnerability assessment and asset discovery capabilities. With IP360, you get:

  • Comprehensive discovery and profiling of all network assets.
  • Highly scalable architecture with low network impact.
  • Advanced vulnerability scoring that identifies top risks.
  • Prioritized change results when used with Tripwire Enterprise.
Offer
Learn more about SonarQube
Learn more about Tripwire IP360
Sample Customers
Bank of America, Siemens, Cognizant, Thales, Cisco, eBayState of Iowa, State of Minnesota, U.S. Cellular
Top Industries
REVIEWERS
Financial Services Firm45%
Insurance Company9%
Healthcare Company9%
Comms Service Provider9%
VISITORS READING REVIEWS
Financial Services Firm27%
Retailer10%
Pharma/Biotech Company10%
Government9%
No Data Available
Company Size
REVIEWERS
Small Business26%
Midsize Enterprise22%
Large Enterprise52%
VISITORS READING REVIEWS
Small Business15%
Midsize Enterprise1%
Large Enterprise83%
No Data Available
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: May 2019.
346,972 professionals have used our research since 2012.
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email