We performed a comparison between Fortify Application Defender and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Its ability to find security defects is valuable."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The most valuable feature is that it analyzes data in real-time."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The product saves us cost and time."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, but those are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"SonarQube is a fantastic tool which saves us precious time."
"The product has a friendly UI that is easy to use and understand."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"It improves the code coverage and evaluates the technical steps and the percentage of code being resolved."
"The initial setup is simple. It requires some security, but it's simple."
"There's plenty of documentation available to users."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"Fortify Application Defender gives a lot of false positives."
"The licensing can be a little complex."
"I encountered many false positives for Python applications."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The workbench is a little bit complex when you first start using it."
"The false positive rate should be lower."
"The solution is quite expensive."
"Support for older compilers/IDEs is lacking."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"You may need to purchase add-ons to get the usability you desire."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
Fortify Application Defender is ranked 34th in Application Security Tools with 11 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Fortify Application Defender is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Fortify Application Defender writes "Reliable solution with excellent machine learning algorithms but expensive and lacking support". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, Qualys Web Application Scanning and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Fortify Application Defender vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.