We performed a comparison between SonarQube and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"The most valuable features are the segregation containment and the suspension of product services."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"The most valuable feature of this solution is that it is free."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"The stability is great. We haven't had any issues at all with it."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"The product's user documentation can be vastly improved."
"The product must improve security analysis."
"Code security scanning could be improved."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"The product needs to integrate other security tools for security scanning."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
Earn 20 points
SonarQube is ranked 1st in Application Security Tools with 108 reviews while Trustwave App Scanner [EOL] doesn't meet the minimum requirements to be ranked in Application Security Tools. SonarQube is rated 8.0, while Trustwave App Scanner [EOL] is rated 7.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Trustwave App Scanner [EOL] writes "It helps us troubleshoot failed scans and incomplete statuses". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Trustwave App Scanner [EOL] is most compared with .
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.