SonarQube vs. WhiteSource

As of June 2019, SonarQube is ranked 2nd in Application Security with 22 reviews vs WhiteSource which is ranked 14th in Application Security with 3 reviews. The top reviewer of SonarQube writes "Great birds-eye view dashboard with detailed code metrics in the drill-down". The top reviewer of WhiteSource writes "Using it, we can take some measures to improve things, replace a library, or update a library which was too old". SonarQube is most compared with Veracode, Micro Focus Fortify on Demand and Checkmarx. WhiteSource is most compared with Black Duck Hub, SonarQube and Veracode. See our SonarQube vs. WhiteSource report.
SonarQube: 58,809 views | 40,153 comparisons
WhiteSource: 5,150 views | 3,516 comparisons
Find out what your peers are saying about SonarQube vs. WhiteSource and other solutions. Updated: May 2019.
347,745 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
SonarQube:
The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.
Strong code evaluation for budget-minded clients.
If code coverage is a low number then that's of great value to me.
SonarQube is good for checking and maintaining code quality.
Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.
We advise all of our developers to have this solution in place.
If you want to have your code scanned and timed then this is a good tool.
We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.


WhiteSource:
The overall support that we receive is pretty good.
We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds.
We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs.
Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.


Cons
SonarQube:
Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It's in our queue. That will hopefully save a lot of time.
Expression of common vulnerabilities and exposures is not always current.
I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it.
I would like to see more options for security, beyond the basics like SQL injection.
The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities.
I would like to see dynamic code analysis in the next version of the software.
The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.
We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.


WhiteSource:
Make the product available in a very stable way for other web browsers.
Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model.


Pricing and Cost Advice
SonarQube:
A low cost long-term solution for non-critical situations.
We are using the free, unlicensed version.
The costs for this application, for the kind of job it does, are pretty decent.
We're using their free Community Edition version.
Some of the plugins that were previously free are not free now.
The price point on SonarQube is good.
The licence is standard open source licensing.
This product is open source and very convenient.


WhiteSource:
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.


Ranking

                            SonarQube    WhiteSource
Application Security rank   2nd          14th
Views                       58,809       5,150
Comparisons                 40,153       3,516
Reviews                     19           3
Average words per review    503          632
Avg. rating                 7.9          8.0
Top Comparisons
Compared 26%, 20%, 25%, 18% and 11% of the time (the products each is most compared with are listed in the summary at the top of the page).
Also Known As
SonarQube: Sonar
Overview
SonarQube is the central place to manage code quality, offering visual reporting on and across projects and the ability to replay the past to follow how metrics evolve over time.

WhiteSource offers an agile approach to open source management.
WhiteSource is a SaaS solution that integrates with your build process and audits your open source licenses, security and more every time you run your build.
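To make the overview concrete, here is an added illustration of the kind of check an open-source audit tool runs on every build: a policy gate over the project's dependency inventory that fails the build on denied licenses, undetermined licenses, and advisories at or above a severity threshold. This is example code written for this page, not WhiteSource's code or API; the dependency list, the license policy, and the advisory identifiers (ADV-0001, ADV-0002) are all constructed placeholders.

```python
"""Minimal build-time open-source policy gate (added example, not vendor code).

In a real pipeline the inventory would come from the project's manifest or
lockfile and the license/advisory data from the scanner's database; here a
constructed list stands in for both so the gate runs offline.
"""
from dataclasses import dataclass, field

# Hypothetical third-party software policy: licenses refused outright, and
# licenses that require legal review before use in a shipped product.
DENIED_LICENSES = {"AGPL-3.0", "SSPL-1.0"}
REVIEW_LICENSES = {"GPL-2.0", "GPL-3.0", "LGPL-3.0"}

# Advisories with a CVSS base score at or above this block the build;
# anything lower is reported as a warning.
BLOCKING_SEVERITY = 7.0


@dataclass
class Dependency:
    name: str
    version: str
    license: str
    # (advisory id, CVSS base score) pairs; constructed for this example.
    advisories: list = field(default_factory=list)


def evaluate(deps):
    """Return (blocking, warnings): two lists of human-readable findings."""
    blocking, warnings = [], []
    for d in deps:
        ident = f"{d.name}@{d.version}"
        if d.license in DENIED_LICENSES:
            blocking.append(f"{ident}: license {d.license} is denied by policy")
        elif d.license in REVIEW_LICENSES:
            warnings.append(f"{ident}: license {d.license} needs legal review")
        elif d.license == "UNKNOWN":
            # An unresolvable license is a hard failure so it cannot slip
            # into a release unnoticed; someone has to classify it first.
            blocking.append(f"{ident}: license could not be determined")
        for adv_id, score in d.advisories:
            msg = f"{ident}: {adv_id} (CVSS {score})"
            (blocking if score >= BLOCKING_SEVERITY else warnings).append(msg)
    return blocking, warnings


def build_should_fail(deps):
    """True when at least one blocking finding exists."""
    return bool(evaluate(deps)[0])


# Constructed sample inventory; names and advisory ids are placeholders.
SAMPLE_DEPS = [
    Dependency("http-parser-lib", "1.0.0", "Apache-2.0", [("ADV-0001", 9.8)]),
    Dependency("copyleft-lib", "2.3.1", "AGPL-3.0"),
    Dependency("crypto-helper", "0.9.0", "GPL-3.0", [("ADV-0002", 4.3)]),
    Dependency("mystery-lib", "3.0.0", "UNKNOWN"),
    Dependency("json-utils", "5.1.2", "MIT"),
]

if __name__ == "__main__":
    blocking, warnings = evaluate(SAMPLE_DEPS)
    for line in warnings:
        print("WARN ", line)
    for line in blocking:
        print("BLOCK", line)
    # A non-zero exit status is what makes the CI job fail.
    raise SystemExit(1 if blocking else 0)
```

Run as a build step, the script exits non-zero whenever a blocking finding exists, which is the mechanism by which such a gate stops a release; the warning tier lets review-required licenses and low-severity advisories surface without blocking every build.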

Sample Customers
SonarQube: Bank of America, Siemens, Cognizant, Thales, Cisco, eBay
WhiteSource: Autodesk, Temenos, Indeed.com, GE digital, KPMG, LivePerson, Jack Henry and Associates
Top Industries

SonarQube, reviewers: Financial Services Firm 42%, Pharma/Biotech Company 8%, Insurance Company 8%, Healthcare Company 8%
SonarQube, visitors reading reviews: Financial Services Firm 27%, Retailer 10%, Pharma/Biotech Company 10%, Government 9%
WhiteSource: No data available

Company Size

SonarQube, reviewers: Small Business 25%, Midsize Enterprise 21%, Large Enterprise 54%
SonarQube, visitors reading reviews: Small Business 15%, Midsize Enterprise 1%, Large Enterprise 83%
WhiteSource: No data available
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
