Try our new research platform with insights from 80,000+ expert users

GitGuardian Platform vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitGuardian Platform
Ranking in Application Security Tools
6th
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
9.0
Reviews Sentiment
7.4
Number of Reviews
24
Ranking in other categories
Data Loss Prevention (DLP) (6th), Software Supply Chain Security (4th), DevSecOps (4th)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
113
Ranking in other categories
Software Development Analytics (1st)
 

Mindshare comparison

As of January 2025, in the Application Security Tools category, the mindshare of GitGuardian Platform is 0.5%, up from 0.2% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.4%, down from 27.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Joan Ging - PeerSpot reviewer
It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation
While they do offer some basic reporting, more comprehensive reporting would be beneficial in the long run. This would allow me to demonstrate the value of the product over time to continue to effectively budget for this subscription, especially as they add features that may come at an additional cost. I appreciate the improvements made to reporting over the past year, but continued development in this area will be appreciated. We have encountered occasional difficulties with the Single Sign-On process. There is room for improvement in its current implementation. It works, but was not quite as smooth as the rest of the GitGuardian experience.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found."
"GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."
"GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them."
"The most valuable feature is the general incident reporting system."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian."
"What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources."
"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."
"SonarQube is admin friendly."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"The most valuable function is its usability."
"The static code analysis is very good."
"The product has a friendly UI that is easy to use and understand."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
 

Cons

"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"An area for improvement is the front end for incidents. The user experience in this area could be much better."
"We have encountered occasional difficulties with the Single Sign-On process."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured."
"Right now, we are waiting for improvement in the RBAC support for GitGuardian."
"Technical support and the price could be better."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"Currently requires multiple tools, lacking one overall tool."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"The product's user documentation can be vastly improved."
 

Pricing and Cost Advice

"We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
"The pricing for GitGuardian is fair."
"The pricing and licensing are fair. It isn't very expensive and it's good value."
"You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
"It's not cheap, but it's not crazy expensive either."
"It's a little bit expensive."
"With GitGuardian, we didn't need any middlemen."
"We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
"We're using the Community Edition, and we don't pay for anything."
"We are using the community version of the solution and we plan on purchasing licenses for the upgraded version soon. There is a limitation on how many lines of code can be scanned and this is why we are going to purchase a license for an increased amount."
"I think comparing the product to competitors it should be less expensive."
"We are using the open-source community version, but there are enterprise licenses available."
"I requested this license for one million lines of code and they accepted this."
"We use the solution free of cost."
"It's an open-source product."
"This product is open source and very convenient."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
831,265 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
22%
Government
11%
Media Company
10%
Wholesaler/Distributor
6%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitGuardian Internal Monitoring ?
It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smal...
What needs improvement with GitGuardian Internal Monitoring ?
We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories. Ideally, when a user contributes to a repository, they would be automatically...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

GitGuardian Internal Monitoring
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
Information Not Available
Find out what your peers are saying about GitGuardian Platform vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: January 2025.
831,265 professionals have used our research since 2012.