Which gives you more for your money - SonarQube or Veracode?


Why is one better than the other?

ITCS user
33 Answers

author avatar
Top 5LeaderboardReal User

We have used SonarQube quite a lot and this is great to check code quality, security hotspots much earlier in the SDLC and fix those. The community edition is free to use, can be used on-premises and is integrated seamlessly with Jenkins and others. The Enterprise and Developer commercial editions offer a lot more rules and functionalities.

Veracode is mostly in space of security testing and amongst the leader in this space. It's a commercial product and has no community edition, to the best of my knowledge. 

Depending on your use cases, you will need both of these areas to be covered through these or other tools.

author avatar
Top 10Real User

They are mainly two different products. 

If your goal is to set the quality on code then SonarQube is your answer. 

On the other side, if your main goal is to set high-quality standards in terms of cybersecurity (i.e. both security and compliance with regulations), then Veracode is a better match.

author avatar


author avatarEvgeny Belenky
Community Manager

@Akash Singh Singh can you please explain why do you recommend a different product? What are its advantages?

Find out what your peers are saying about SonarQube vs. Veracode and other solutions. Updated: September 2021.
534,468 professionals have used our research since 2012.