• Home
  • GitGuardian Platform vs. SonarQube

GitGuardian Platform vs SonarQube comparison

Cancel
You must select at least 2 products to compare!
GitGuardian Logo

GitGuardian Platform

Read 21 GitGuardian Platform reviews
2,423 views|396 comparisons
100% willing to recommend
Sonar Logo

SonarQube

Read 108 SonarQube reviews
54,985 views|43,627 comparisons
80% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitGuardian Platform vs. SonarQube
March 2024
Executive Summary

We performed a comparison between GitGuardian Platform and SonarQube based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitGuardian Platform vs. SonarQube Report (Updated: March 2024).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
George Jenkins
It enables us to remediate issues as they happen in near real-time
GitGuardian has improved our visibility, which is crucial for a startup with a small security team. The ability to automate detection and response... Read more →
BudiSetiawan
This solution is simple to use and can be quickly deployed
The solution has helped us to find flaws in the Syntax and comply with requirements.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"GitGuardian has many features that fit our use cases. We have our internal policies on secret exposure, and our code is hosted on GitLab, so we need to prevent secrets from reaching GitLab because our customers worry that GitLab is exposed. One of the great features is the pre-receive hook. It prevents commits from being pushed to the repository by activating the hook on the remotes, which stops the developers from pushing to the remote. The secrets don't reach GitLab, and it isn't exposed.""When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history.""We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous.""I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer.""You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian.""Presently, we find the pre-commit hooks more useful.""GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.""The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."

More GitGuardian Platform Pros →

"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.""The software quality gate streamlines the product's quality.""The most valuable features are the analysis and detection of issues within the application code.""Before you even compile, it can catch known vulnerability issues or patterns.""The product itself has a friendly UI.""We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part.""Can tweak rules and feed them into our build pipelines.""SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."

More SonarQube Pros →

Cons
"We have been somewhat confused by the dashboard at times.""It would be nice if they supported detecting PII or had some kind of data loss prevention feature.""They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers.""The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it.""There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack.""It took us a while to get new patterns introduced into the pattern reporting process.""One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs.""GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."

More GitGuardian Platform Cons →

"I would like to see dynamic code analysis in the next version of the software.""If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time.""We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing.""The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment.""We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.""The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.""Lacks sufficient visibility and documentation.""New plug-ins should be integrated into SonarCloud to give more flexibility to the product."

More SonarQube Cons →

Pricing and Cost Advice
  • "We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."

    • More GitGuardian Platform Pricing and Cost Advice →

  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing"
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."

    • More SonarQube Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitGuardian Internal Monitoring ?
    Top Answer:It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller… more »
    Read all 15 answers   →
    What is your experience regarding pricing and costs for GitGuardian Inter...
    Top Answer:The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a… more »
    Read all 13 answers   →
    What needs improvement with GitGuardian Internal Monitoring ?
    Top Answer:GitGuardian had a really nice feature that allowed you to compare all the public GitHub repositories against your code base and see if your code leaked. They discontinued it for some reason about… more »
    Read all 15 answers   →
    Is SonarQube the best tool for static analysis?
    Top Answer:I am not very familiar with SonarQube and their solutions, so I can not answer But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have  a look… more »
    Read all 10 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Ranking
    8th
    out of 74 in Application Security Tools
    Views
    2,423
    Comparisons
    396
    Reviews
    15
    Average Words per Review
    1,414
    Rating
    9.0
    1st
    out of 74 in Application Security Tools
    Views
    54,985
    Comparisons
    43,627
    Reviews
    19
    Average Words per Review
    391
    Rating
    8.0
    Comparisons
    Also Known As
    GitGuardian Internal Monitoring
    Sonar
    Learn More
    GitGuardian
    Sonar
    Interactive Demo
    GitGuardian
    Demo Not Available
    Sonar
    Watch a demo
    Overview

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages, including dozens of frameworks, the top DevOps platforms (GitLab, GitHub, Azure DevOps, and Bitbucket, and more), and the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    Sample Customers
    Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
    Top Industries
    REVIEWERS
    Computer Software Company29%
    Insurance Company12%
    Wholesaler/Distributor12%
    Comms Service Provider12%
    VISITORS READING REVIEWS
    Comms Service Provider22%
    Computer Software Company12%
    Financial Services Firm10%
    Media Company8%
    REVIEWERS
    Computer Software Company30%
    Financial Services Firm21%
    Comms Service Provider7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company15%
    Manufacturing Company11%
    Government6%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise29%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise13%
    Large Enterprise62%
    REVIEWERS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    GitGuardian Platform vs. SonarQube
    March 2024
    Free Report: GitGuardian Platform vs. SonarQube
    Find out what your peers are saying about GitGuardian Platform vs. SonarQube and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    GitGuardian Platform is ranked 8th in Application Security Tools with 21 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. GitGuardian Platform is rated 9.0, while SonarQube is rated 8.0. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitGuardian Platform is most compared with Cycode, GitHub Advanced Security, Snyk, Veracode and Microsoft Purview Data Loss Prevention, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our GitGuardian Platform vs. SonarQube report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.