GitHub Code Scanning vs SonarCloud comparison

GitHub Code Scanning
Read 2 GitHub Code Scanning reviews
  • 247 Views
  • 208 Comparison Views
100% willing to recommend
SonarCloud
Read 10 SonarCloud reviews
  • 10,734 Views
  • 8,277 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between GitHub Code Scanning and SonarCloud based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed GitHub Code Scanning vs. SonarCloud Report (Updated: July 2024).
Buyer's Guide
GitHub Code Scanning vs. SonarCloud
July 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

GitHub Code Scanning
Ranking in Static Application Security Testing (SAST)
22nd
Average Rating
9.6
Number of Reviews
2
Ranking in other categories
No ranking in other categories
SonarCloud
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.4
Number of Reviews
10
Ranking in other categories
No ranking in other categories
 

Featured Reviews

AG
Nov 23, 2023
A highly stable solution that can be used for source code management
We use GitHub Code Scanning mostly for source code management GitHub Code Scanning should add more templates. I have been using GitHub Code Scanning for six to seven months. I rate GitHub Code Scanning ten out of ten for stability. GitHub Code Scanning is a scalable solution. Around 2,000 to…
Read full review
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
A comprehensive code quality management offering all-in-one functionality, including static code analysis, security assessments, and code optimization, while providing valuable insights for developers
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could use improvement in providing clearer instructions. I found myself needing to engage with support multiple times to navigate through certain aspects. Additionally, it would be beneficial if it could streamline the integration process for new features. Enhancing documentation on how to integrate these features seamlessly would go a long way in improving user experience. The introduction of an auto-commit functionality would be a valuable addition. Some other tools offer this feature, allowing for the automatic creation of pull requests to address identified issues. This functionality significantly reduces the manual effort required.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."
"We use GitHub Code Scanning mostly for source code management."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The reports from SonarCloud are very good."
"The solution can be installed locally."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"For what it is meant to do, it works pretty well."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
More SonarCloud pros
 

Cons

"GitHub Code Scanning should add more templates."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"It would be helpful if notifications could go out to an extra person."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"SonarCloud's UI needs enhancement."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
More SonarCloud cons
 

Pricing and Cost Advice

"The minimum pricing for the tool is five dollars a month."
"GitHub Code Scanning is a moderately priced solution."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"I am using the free version of the solution."
"I rate the pricing a five out of ten."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The current pricing is quite cheap."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
21%
Financial Services Firm
11%
Comms Service Provider
6%
Manufacturing Company
6%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
9%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitHub Code Scanning?
We use GitHub Code Scanning mostly for source code management.
See all answers
What is your experience regarding pricing and costs for GitHub Code Scanning?
The minimum pricing for the tool is five dollars a month.
See all answers
What needs improvement with GitHub Code Scanning?
GitHub Code Scanning should add more templates.
See all answers
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
See all answers
What is your experience regarding pricing and costs for SonarCloud?
I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pa...
See all answers
What needs improvement with SonarCloud?
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation coul...
See all answers
 

Comparisons

Coverity vs GitHub Code Scanning Logo
Coverity vs GitHub Code Scanning
Compared 27% of the time
SonarQube vs GitHub Code Scanning Logo
SonarQube vs GitHub Code Scanning
Compared 21% of the time
Polaris Software Integrity Platform vs GitHub Code Scanning Logo
Polaris Software Integrity Platform vs GitHub Code Scanning
Compared 11% of the time
Veracode vs GitHub Code Scanning Logo
Veracode vs GitHub Code Scanning
Compared 8% of the time
More GitHub Code Scanning Competitors
SonarQube vs SonarCloud Logo
SonarQube vs SonarCloud
Compared 78% of the time
Veracode vs SonarCloud Logo
Veracode vs SonarCloud
Compared 7% of the time
Checkmarx One vs SonarCloud Logo
Checkmarx One vs SonarCloud
Compared 4% of the time
GitLab vs SonarCloud Logo
GitLab vs SonarCloud
Compared 3% of the time
Fortify on Demand vs SonarCloud Logo
Fortify on Demand vs SonarCloud
Compared 1% of the time
More SonarCloud Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
July 2024
GitHub Code Scanning reportDownload GitHub Code Scanning product report
Buyer's Guide
SonarCloud
June 2024
SonarCloud reportDownload SonarCloud product report
 

Learn More

GitHub
Sonar
 

Interactive Demo

Demo not available
GitHub
Sonar
 

Overview

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

 

Sample Customers

Information Not Available
Buyer's Guide
GitHub Code Scanning vs. SonarCloud
July 2024
Free Report: GitHub Code Scanning vs. SonarCloud
Find out what your peers are saying about GitHub Code Scanning vs. SonarCloud and other solutions. Updated: July 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our GitHub Code Scanning vs. SonarCloud report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.