

HCL AppScan and CodeSonar compete in the application security scanning market. HCL AppScan has an advantage in its broad language support and ease of integration into the SDLC, while CodeSonar is stronger at statically finding defects that surface at runtime (it is primarily a C and C++ analyzer) and at producing detailed, traceable findings.
Features: HCL AppScan provides both dynamic (DAST) and static (SAST) testing, identifies web vulnerabilities such as XSS and SQL injection, integrates into the SDLC, and supports many languages. CodeSonar finds dead code and runtime defects such as memory and null-dereference errors, and reports each finding with a detailed trace, which helps developers triage and fix security-relevant bugs.
Room for Improvement: Users report that HCL AppScan occasionally produces false positives and needs better web services testing, mobile integration, and technical support. CodeSonar could improve by adding more coding rules, wider language support, and a more intuitive way to apply rules.
Ease of Deployment and Customer Service: HCL AppScan can be deployed on public cloud, hybrid cloud, or on-premises, offering flexibility. Users find its technical support responsive, though with room for improvement. CodeSonar, deployable on public cloud and on-premises, is praised for knowledgeable support but lacks regional resources, which affects response times.
Pricing and ROI: HCL AppScan is known to be expensive, but users see potential for a 50% ROI and consider its pricing competitive against tools such as Veracode. CodeSonar's pricing depends on license type and source code size, and users call for more flexible pricing models. Both are considered investments justified by their capabilities and the security assurance they provide.
| Product | Mindshare (%) |
|---|---|
| HCL AppScan | 2.4% |
| CodeSonar | 1.1% |
| Other | 96.5% |


| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 1 |
| Large Enterprise | 2 |
| Company Size | Count |
|---|---|
| Small Business | 14 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |
CodeSonar is a static code analysis tool adept at detecting runtime defects and security vulnerabilities, with a fast deployment process and scalable capabilities. Its quick analysis and efficient web interface provide a strong basis for validating code quality.
CodeSonar specializes in identifying runtime errors, dead code, and security weaknesses, and provides features such as code surfing and browsing. It offers a highly efficient web interface, though users find initial setup complex and highlight the need for more thorough static analysis, broader language support beyond C and C++, and an improved licensing model. Despite these challenges, its Jenkins integration and technical guidance make it a reliable choice for teams in defense and software quality assessment. Deployment is quick and easy, yet initial cost is a common concern among users.
What are the key features of CodeSonar?
CodeSonar is primarily implemented in industries such as defense and in companies that prioritize code quality. Teams use its static code analysis and threat detection capabilities, integrating it with Jenkins for continuous integration workflows. Post-build security checks and technical support are common use cases, aiding effective defect management.
HCL AppScan offers quick vulnerability detection with effective SDLC integration, and is known for its user-friendly interface and seamless security integration.
HCL AppScan provides dynamic and static scanning to identify vulnerabilities such as XSS and SQL injection. It integrates well into CI/CD pipelines, supports multiple languages, and offers web and dynamic scanning, helping businesses ensure security across the development lifecycle. Users benefit from API coverage, Postman integration, and its ability to run in both cloud and on-premises environments, which facilitates the shift from DevOps to DevSecOps practices.
What features define HCL AppScan?
HCL AppScan is used in sectors that require rigorous security checks, such as finance and healthcare, where it conducts comprehensive scans and offers insight into potential vulnerabilities. Its scanning capabilities help companies maintain compliance and security standards.