We performed a comparison between ShiftLeft and SonarQube based on real PeerSpot user reviews.
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"Improves the code coverage and evaluates the technical steps and percentage of code being resolved."
"There's plenty of documentation available to users."
"We've configured it to run on each commit, providing feedback on our software quality."
"It's enabled us to improve software quality and help us to disseminate best practices."
"Strong code evaluation for budget-minded clients."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"This solution is simple to use and can be quickly deployed."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"Ease of use/interface."
"For improvement, this solution could be offered on Docker and the cloud, and the support for this solution could be improved. Customizing rules could also be made simpler."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"We had some issues scanning the master branch, but when we upgraded to version 7.9 we noticed it does scan the master branch, but we had to do a workaround for it to happen. This process could be improved in a future release."
"It would be better if SonarQube provided a good UI for external configuration."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
ShiftLeft is ranked 26th in Application Security Tools with 1 review, while SonarQube is ranked 1st in Application Security Tools with 111 reviews. ShiftLeft is rated 10.0, while SonarQube is rated 8.0. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". ShiftLeft is most compared with Black Duck and Semgrep Supply Chain, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.