We performed a comparison between Fortify Software Security Center and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reporting is very useful because you can always view an entire list of the issues that you have."
"This is a stable solution at the end of the day."
"You can easily download the tool's rule packs and update them."
"Can tweak rules and feed them into our build pipelines."
"It is a very good tool for analysis and security vulnerability checking."
"The product has a friendly UI that is easy to use and understand."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"Strong code evaluation for budget-minded clients."
"The product is simple."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"We are having issues with false positives that need to be resolved."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"Fortify Software Security Center's setup is really painful."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"A better design of the interface and add some new rules."
"SonarQube is not development-centric like Snyk."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 110 reviews. Fortify Software Security Center is rated 7.4, while SonarQube is rated 8.0. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Checkmarx One and Fortify WebInspect, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Fortify Software Security Center vs. SonarQube report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.