We performed a comparison between Fortra Tripwire IP360, HCL AppScan, and SonarQube based on real PeerSpot user reviews.
"Tripwire IP360 is a very stable solution."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"This solution saves us time due to the low number of false positives detected."
"You can easily find particular features and functions through the UI."
"The security and the dashboard are the most valuable features."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The solution is easy to use."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"If you want to have your code scanned and timed then this is a good tool."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"All the features of the solution are quite good."
"The solution offers a very good community edition."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"The SonarQube dashboard looks great."
"We need to dedicate time and resources to keep it running."
"I am not very impressed by the technical support."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"Scans become slow on large websites."
"The databases for HCL are small and have room for improvement."
"The pricing has room for improvement."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"Many silly false positives are produced."
"It has crashed at times."
"The product has some technical limitations."
"The solution could improve by having a mobile version."
"It should be user-friendly."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"Ease of use/interface."
"The BPM language is important and should be considered in SonarQube."
"There is a need for support for the additional languages and ease of use in adding new rules for detecting issues."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"I find it is light on the security side."