We performed a comparison between GitHub Code Scanning and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST).
"We use GitHub Code Scanning mostly for source code management."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"SonarQube is scalable. My company has 50 users."
"I follow Quality Gate's graduation model within the organization, and it is extremely helpful for me to benchmark products."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"There is a free version."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendliness, and the technical debt estimation."
"GitHub Code Scanning should add more templates."
"There is a need for support for additional languages and for ease of use in adding new rules for detecting issues."
"The pricing could be reduced a bit. It's a little expensive."
"We previously experienced issues with security, but a segregated security violation has been implemented and the issues we experienced are being fixed."
"There isn't a very good enterprise report."
"I would like to see more options for security, beyond the basics like SQL injection."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"Ease of use/interface."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
GitHub Code Scanning is ranked 20th in Application Security Testing (AST) with 1 review while SonarQube is ranked 1st in Application Security Testing (AST) with 110 reviews. GitHub Code Scanning is rated 10.0, while SonarQube is rated 8.0. The top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub Code Scanning is most compared with SonarCloud, Coverity and Polaris Software Integrity Platform, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.