We performed a comparison between SonarQube and Synopsys Code Dx based on real PeerSpot user reviews.
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"There is a free version."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"The most valuable function is its usability."
"Improves the code coverage and evaluates the technical steps and percentage of code being resolved."
"The product is simple."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"It is very good at identifying technical debt."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"The solution could improve by providing more advanced technologies."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"SonarQube could improve its static application security testing as per the industry standard."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
SonarQube is ranked 1st in Static Application Security Testing (SAST) with 111 reviews while Synopsys Code Dx is ranked 31st in Static Application Security Testing (SAST) with 1 review. SonarQube is rated 8.0, while Synopsys Code Dx is rated 0.0. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Synopsys Code Dx is most compared with Veracode, Checkmarx One and Coverity.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.