SonarQube Competitors and Alternatives

The top SonarQube competitors are
  • Fortify on Demand
  • Veracode
  • Checkmarx
  • Coverity
  • Kiuwan
  • CAST Application Intelligence Platform
  • Fortify Application Defender
  • Klocwork
Read reviews of SonarQube competitors and alternatives
Prasoon Nigam
Security Consultant at a consultancy with 10,001+ employees
Jan 17 2018

What do you think of IBM Security AppScan?

Improvements to My Organization: IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability. • Valuable Features: Many features are valuable but some features stand out, like using our own scripts, and capturing the authentication. • Room for Improvement: It has crashed at times Scans become slow on large websites Many silly false positives are produced • Use of Solution: One to three years. • Stability Issues: Yes, sometimes we encounter stability issues. • Scalability Issues: Yes, sometimes we encounter scalability issues. • Customer Service and Technical Support: I would rate tech support a seven out of 10. • Previous Solutions: Yes. We switched because they made our...
Veracode Logo
CA Technologies
Team Lead / Architect at a tech services company with 1,001-5,000 employees
Sep 13 2018

What do you think of Veracode?

Primary Use Case: I use Veracode to run scans on .NET applications, web applications and Windows/fat form applications. I also use it to make deployments in three-tier environments: the application server tier, web server tier and the database tier. • Improvements to My Organization: Veracode has improved our penetration testing process.  We use Veracode static analysis during development to eliminate vulnerability issues. • Valuable Features: I have found the user interface extremely helpful in prioritizing issues. It allows me to prioritize the work to help resolve an issue. • Room for Improvement: They should improve on the static scanning time. • Use of Solution: Three to five years.
Checkmarx Logo
Ankur Sood
Real User
Technical Architect at a tech services company with 1,001-5,000 employees
Feb 27 2018

What do you think of Checkmarx?

Primary Use Case: I have used it for source code scanning of security vulnerabilities. It seems to be a good tool. It gives the proper code flow of vulnerabilities and the number of occurrences. • Improvements to My Organization: We have scanned various applications with it. It works fine, although we need to check manually for false positive issues.  • Valuable Features: After scanning, it shows in-depth code of where actual vulnerabilities are, which helps us to analyze them. • Room for Improvement: It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use. • Use of Solution: One to three years.

Sign Up with Email