Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
I have seen a return on the investment from SonarQube Server (formerly SonarQube) because the value it adds relates to static code analysis and vulnerability assessments needed for our FDA approval process.
We see productivity increasing based on the fact that the code review is mostly automated, allowing the developer to fix the code themselves before assigning it to someone else to review, thus receiving that ROI.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
They showed us where we can actually get those granular level reporting extracted for Excel, which was a quick guide.
I would rate the technical support for SonarQube Server (formerly SonarQube) as a 10 because we have not faced any specific issues that required us to contact tech support, which is a very rare case.
The community support is quite effective.
I find SonarQube Server (formerly SonarQube) very scalable because we're able to create a new repository and integrate all the tools on that project and it just works.
I would rate the scalability of SonarQube Server as a 10 because we can configure the server to scan multiple projects based on the number of lines.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
I think SonarQube Server (formerly SonarQube) is stable, and we did not face any problems unless there was a power outage or if the LAN cable was plugged out.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
Currently, it should also be able to analyze the code and generate and fix the code for specific developers or features that the developers are tracking.
If I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
I would rate the pricing for SonarQube Server (formerly SonarQube) as an 8, where 1 is very cheap and 10 is very expensive, because Coverity is very expensive, and while SonarQube is not cheap, it is still less expensive than Coverity.
They always offer around a two-year contract, but we always take a one-year contract because it's expensive.
The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
We use SonarQube Server's centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve.
Some of the static code analysis capabilities are the most beneficial.
The most valuable features of SonarQube Server (formerly SonarQube) for us include having control of the rules, enabling and disabling them.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.
SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.
What are the key features of SonarQube Server?Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.
