We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The solution is scalable."
"I did not have any issues with the stability of Github. It worked seamlessly."
"There are no issues. It's simple, easy, and fully compatible from my perspective with Git."
"Our code is secure."
"The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks, which works really well for collaboration with the teams. They are really interested in how they organize the history of the code itself, which is good."
"The most valuable feature of the solution is the version control field."
"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"The product helps our team collaborate across different locations."
"The overall quality of the indicator is good."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"It is a very good tool for analysis despite its limitations."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"Provides local scanning for developers."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"The user interface on GitLab is better."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"The solution can improve by adding video guides, official guides, or short courses that cater to beginners who are new to the system. These resources could offer step-by-step guidance on how to use GitHub, including common procedures such as pulling and committing. Currently, many of us have to resort to searching for information on how to do these tasks via Google. An official guide provided by GitHub itself would be a valuable asset to newcomers and would save them time and effort."
"We face issues with synchronization while working with teams."
"I would want to see some form of code security scanning implemented."
"The stability can be improved."
"If something has to be moved into approvals, and if they don't approve it in a few hours, then they should move the approval request to some other user, or they should have a way to escalate it."
"Having performance regression would be a helpful add-on or ability to be able to do during the scan."
"I have found this solution creates more noise than competitors."
"There could be better integration with other products."
"The security in SonarQube could be better."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"It should be user-friendly."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use Docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"There is a need for support for additional languages and ease of use in adding new rules for detecting issues."
GitHub is ranked 12th in Application Security Tools with 72 reviews while SonarQube is ranked 1st in Application Security Tools with 111 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Fortify on Demand and Sonatype Repository Firewall, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our GitHub vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.