SonarQube Competitors and Alternatives

Get our free report covering Veracode, Checkmarx, Micro Focus, and other competitors of SonarQube. Updated: February 2020.
398,890 professionals have used our research since 2012.

Read reviews of SonarQube competitors and alternatives

Real User
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
Jan 15 2020

What is most valuable?

The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.

What needs improvement?

This solution would be improved if the code-quality perspective were added to it, on top of the security aspect. It would rate performance and other things. This is one of the reasons that people are interested in SonarQube. This would make…

Which solution did I use previously and why did I switch?

We also use WebInspect, SonarQube, and other security tools in addition to this solution. The use of particular tools depends on the project and the project manager that I speak with. Prior to working with Fortify on Demand, we worked using…

What other advice do I have?

My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what…

Which other solutions did I evaluate?

We did not evaluate other vendors beyond the solutions that we are using.
Ernst Marais
Real User
Software Architect at Digital Solution Foundry (Pty) Ltd
Sep 05 2019

What is most valuable?

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating. The interface is usable and friendly.

How has it helped my organization?

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

What needs improvement?

The rate of false positives, where it reports issues that are not really issues, can be improved. Scanning of vulnerabilities on open-source projects is not particularly useful as it is. I would like to see better integration with Azure…

Which solution did I use previously and why did I switch?

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

What other advice do I have?

This is a solution that I recommend. The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are…
Bus432Anly
Real User
Business Analyst at a tech services company with 201-500 employees
Nov 01 2018

What do you think of Checkmarx?

What is our primary use case?

Our primary use case solution is for code scanning.

How has it helped my organization?

It has made our organization more efficient with our whole code scan/deployment process for our software applications.

What is most valuable?

The most valuable features are: Ease of use Dashboard Interface Report

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not had an issue with stability of the product.

What do I think about the scalability of the solution?

There have been no issues with scalability that I am aware of.

How are customer service and technical support?

I have not needed the use of technical support.

Which solution did I use previously and why did I switch?

MahendraAitha
Real User
Lead Security Engineer at a tech vendor with 201-500 employees
May 24 2018

What is most valuable?

Scanning of .war and .jar.

How has it helped my organization?

It helps in achieving secure programming. Veracode provides us with industry best practices according to OWASP, CERT, and SANS. Our customers get the security of bug-free…

What needs improvement?

Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries.

What's my experience with pricing, setup cost, and licensing?

The pricing is good for static code analysis.

Which solution did I use previously and why did I switch?

We used SonarQube, but to improve security in SAST we chose this.

What other advice do I have?

Implement this solution if you see WAF and SOC in your future.

Which other solutions did I evaluate?

Checkmarx, SonarQube.