We performed a comparison between CAST Highlight and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of CAST Highlight are automation and speed."
"It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"Can tweak rules and feed them into our build pipelines."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"Provides local scanning for developers."
"There's plenty of documentation available to users."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The ease of configuration and customization could be improved in CAST Highlight."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"Dynamic scanning is missing and there are some issues with security scanning."
"Expression of common vulnerabilities and exposures is not always current."
"I think the code security can be improved."
"The solution could improve by having better-consulting services."
"There could be better integration with other products."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. CAST Highlight is rated 7.8, while SonarQube is rated 8.0. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CAST Highlight is most compared with Checkmarx One, Snyk, Veracode, Black Duck and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and CodeSonar. See our CAST Highlight vs. SonarQube report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.