We performed a comparison between Fortify Application Defender and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution helped us to improve the code quality of our organization."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"Its ability to find security defects is valuable."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The most valuable feature is that it analyzes data in real-time."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The product saves us cost and time."
"Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
"We advise all of our developers to have this solution in place."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"If code coverage is a low number then that's of great value to me."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"This solution is simple to use and can be quickly deployed."
"It easily ties into our continuous integration pipeline."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"I encountered many false positives for Python applications."
"The licensing can be a little complex."
"Fortify Application Defender gives a lot of false positives."
"Support for older compilers/IDEs is lacking."
"The false positive rate should be lower."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The workbench is a little bit complex when you first start using it."
"There are limitations to the free version that limit development options as far as languages."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while SonarQube is ranked 1st in Application Security Tools with 111 reviews. Fortify Application Defender is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, Qualys Web Application Scanning and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Fortify Application Defender vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.