CodeSonar vs Onapsis comparison

CodeSecure and Onapsis are both solutions in the Application Security Tools category. CodeSecure is ranked #30, while Onapsis is ranked #36. CodeSecure holds a 1.1% mindshare in AS, compared to Onapsis’s 0.9% mindshare. Additionally, 87% of CodeSecure users are willing to recommend the solution, compared to 100% of Onapsis users who would recommend it.

CodeSonar

Read 7 CodeSonar reviews

3,182 Views
2,196 Comparison Views

87% willing to recommend

Onapsis

Read 1 Onapsis review

1,269 Views
1,180 Comparison Views

100% willing to recommend

CodeSonar

Onapsis

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CodeSonar and Onapsis based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: May 2026).

Buyer's Guide

Application Security Tools

May 2026

Download the complete report

Helped 893,438 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

CodeSonar

Ranking in Application Security Tools

30th

Average Rating

8.2

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Static Code Analysis (10th)

Onapsis

Ranking in Application Security Tools

36th

Average Rating

8.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2026, in the Application Security Tools category, the mindshare of CodeSonar is 1.1%, down from 1.5% compared to the previous year. The mindshare of Onapsis is 0.9%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
CodeSonar	1.1%
Onapsis	0.9%
Other	98.0%

Application Security Tools

Featured Reviews

Mathieu ALBRESPY

Intigration Developer at ez-Wheel

Nice interface, quick to deploy, and easy to expand

This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.

Read full review

it_user19113

SAP Security Consulting Engineer at a computer software company with 10,001+ employees

It checks for and reports vulnerabilities on all SAP systems at the OS, DB and SAP levels.

I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background jobs and additional work to get them published. It was difficult to get interactive reports to the different levels of the business. I would have to download them and send them out, or save them on my SharePoint site and send out a weekly link. In the version of the product I was usingת I had to log into the X1 system directly to get to the reports. Reporting would be used by several different areas of the organizationת many of whom would be at the director and executive levels. It would not make sense to have them log directly into the tool to look at these reports. Add to this that there was only one ID that could be used to log in and view the reports. To solve this problemת I had to run all of the different reports; executive summary down to detailed analysis and then export them out to my security team SharePoint site. To automate this processת a batch script was created to run after the X1 analyzed the systems. The script would pull the reports and place them in the SharePoint site automatically, but it was a bit of a hassle to get set up.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."

"I would suggest trying out automated tools along with CodeSonar on your project, and you will find out that CodeSonar reports many more defects compared to other static analysis tools, so this is a very important tool."

"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times."

"It has been able to scale."

"The solution is very stable and we have used it for a long time with no issues."

"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."

"CodeSonar’s most valuable feature is finding security threats."

More CodeSonar pros

"It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape."

Cons

"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it."

"It was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code."

"The scanning tool for core architecture could be improved."

"It would be beneficial for the solution to include code standards and additional functionality for security."

"The MISRA guidelines were not appropriately reported and there were some flags or errors."

"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."

"There could be a shared licensing model for the users."

"The scanning tool for core architecture could be improved."

More CodeSonar cons

"Reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience."

Pricing and Cost Advice

"The solution's price depends on the number of licenses needed and the source code for the project."

"The application’s pricing is high compared to other tools."

"Pricing is a bit costly."

"Our organization purchased a license to use the solution."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

893,438 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

24%

Computer Software Company

University

Financial Services Firm

Energy/Utilities Company

16%

University

13%

Construction Company

11%

Outsourcing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	1
Large Enterprise	2

No data available

Comparisons

SonarQube vs CodeSonar

Compared 17% of the time

Coverity Static vs CodeSonar

Compared 13% of the time

Polyspace Code Prover vs CodeSonar

Compared 8% of the time

Veracode vs CodeSonar

Compared 7% of the time

Jscrambler vs CodeSonar

Compared 4% of the time

More CodeSonar Competitors

SonarQube vs Onapsis

Compared 15% of the time

ERPScan SMART Cybersecurity Platform vs Onapsis

Compared 13% of the time

Nullify vs Onapsis

Compared 12% of the time

Qualys Web Application Scanning vs Onapsis

Compared 8% of the time

Klocwork vs Onapsis

Compared 6% of the time

More Onapsis Competitors

Product Reports

Buyer's Guide

Application Security Tools

May 2026

Download CodeSonar product report

Buyer's Guide

Application Security Tools

May 2026

Download Onapsis product report

Overview

CodeSonar offers a potent tool for static code analysis, adept in detecting runtime errors and security vulnerabilities, with a fast deployment process and scalable capabilities. Its quick analysis and efficient web interface provide a strong basis for code quality validation.

CodeSonar specializes in identifying runtime errors, dead code, and security threats while providing features like code surfing and browsing. It offers a highly efficient web interface, though users find initial setup complex and highlight the need for better static analysis, broader language support beyond C and C++, and an improved licensing model. Despite these challenges, its integration with Jenkins and technical guidance support makes it a reliable choice for teams in defense and software quality assessment. Deployment is quick and easy, yet initial costs are a common concern among users.

What are the key features of CodeSonar?

Quick Analysis: Delivers fast runtime error detection and reporting.
GUI Interface: Offers a user-friendly experience for code browsing.
Scalability: Efficiently deploys across various environments.
Security and Code Detection: Identifies vulnerabilities and potential bugs.
Effective Configuration: Simplified log and analysis configuration.

What benefits can be seen in user reviews?

Detection of Code Vulnerabilities: Enhances security with robust threat detection.
Process Integration: Seamlessly integrates with DevOps tools such as Jenkins.
Scalable Deployment: Quickly adaptable in expanding environments.
GUI Usability: Highly efficient for technical teams to navigate.

CodeSonar is primarily implemented in industries like defense and companies prioritizing code quality. Teams utilize its static code analysis and threat detection capabilities, integrating with Jenkins for continuous integration workflows. Security checks post-builds and technical support are common, aiding in effective defect management.

CodeSecure

Onapsis provides cybersecurity and compliance solutions for critical business applications. It focuses on enhancing security by detecting vulnerabilities and ensuring compliance with industry regulations.

Organizations increasingly rely on Onapsis to protect their business applications from potential threats. Designed to detect and mitigate threats in real-time, it ensures business continuity by integrating with existing security frameworks. Its platform offers robust insights into vulnerabilities, enabling proactive response and management of security policies tailored to enterprise needs.

What are the key features of Onapsis?

Vulnerability Management: Identifies and reports critical risks within business applications.
Compliance Automation: Ensures adherence to regulatory standards.
Real-time Threat Monitoring: Provides continuous surveillance for immediate response.
Integration Capabilities: Seamlessly works with existing IT infrastructure.

What benefits and ROI should you expect?

Improved Security Posture: Enhanced protection for critical assets reduces risks.
Operational Efficiency: Streamlined processes lead to better resource allocation.
Risk Mitigation: Proactive threat identification prevents potential breaches.
Regulatory Compliance: Automated compliance reduces audit preparation time and costs.

Onapsis is implemented across industries like finance, healthcare, and manufacturing to secure ERP systems. Its role in protecting core business applications aligns with the industry-specific needs of securing sensitive data and maintaining compliance with sector regulations.

Onapsis

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Sony, US Army, Westinghouse, AXA. Galicia, Daimler, Roche, Levi's, Siemens, ABB, KPMG, Mercardo Libre, Verizon, Bacardi, Adgas, Sicpa, Whirlpool, Leaseplan

Buyer's Guide

Application Security Tools

May 2026

Download Free Report

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: May 2026.

DOWNLOAD NOW

893,438 professionals have used our research since 2012.

See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.