We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product has a very user-friendly interface and user-friendly security."
"This solution is just easy to use."
"We use GitHub instead of our regular shared drive. It offers instant access to shared folders as well as good security."
"The initial setup was straightforward."
"I use this solution to store my code in a repository so we can manage version control which is useful."
"I have found GitHub stable."
"The product has a good UI. It's simple and easy to access, and technical help is easily available. The two-factor authentication security is another valuable feature."
"The solution can scale."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"The initial setup is simple. It requires some security, but it's simple."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"It is working fine. It provides a good value for money."
"All the features of the solution are quite good."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The software quality gate streamlines the product's quality."
"SonarQube is a fantastic tool which saves us precious time."
"It would be useful to have tutorial videos within the GitHub dashboard."
"The solution can improve by adding video guides, official guides, or short courses that cater to beginners who are new to the system. These resources could offer step-by-step guidance on how to use GitHub, including common procedures such as pulling and committing. Currently, many of us have to resort to searching for information on how to do these tasks via Google. An official guide provided by GitHub itself would be a valuable asset to newcomers and would save them time and effort."
"GitHub could have better integration or capability with other solutions."
"The solution could have better support for the Markdown language."
"Could be more user friendly."
"If you are uploading or cloning a large file, with more than 25 megs, it's pretty slow."
"GitHub storage is one of the main requirements and it could improve."
"It is difficult to merge a code or restore it to an older version."
"The product needs to integrate other security tools for security scanning."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"SonarQube could improve its static application security testing as per the industry standard."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"A better design of the interface and add some new rules."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"The product's user documentation can be vastly improved."
GitHub is ranked 10th in Application Security Tools with 64 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and Helix Core, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.