We performed a comparison between HCL AppScan and SonarQube based on our users' reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SonarQube offers better integration capabilities than HCL AppScan. Additionally, SonarQube users are happier with the pricing. For these reasons, SonarQube is the more desirable product in this comparison.
"It provides a better integration for our ecosystem."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean every time. So it's less cost, less effort, less time to production."
"There's extensive functionality with custom rules and a custom knowledge base."
"It was easy to set up."
"This solution saves us time due to the low number of false positives detected."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"We've configured it to run on each commit, providing feedback on our software quality."
"The code coverage feature is very good."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"There is a free version."
"It improves the code coverage and evaluates the technical steps and percentage of code being resolved."
"If code coverage is a low number then that's of great value to me."
"I would love to see more containers. Many of the tools are great, but they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"There is room for improvement in the pricing model."
"There is not a central management for static and dynamic."
"The databases for HCL are small and have room for improvement."
"It has crashed at times."
"They should have a better UI for dashboards."
"They have to improve support."
"Many silly false positives are produced."
"The security in SonarQube could be better."
"I would like to see dynamic code analysis in the next version of the software."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"Monitoring is a feature that can be improved in the next version."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. HCL AppScan is rated 7.6, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". HCL AppScan is most compared with Veracode, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Fortify WebInspect, whereas SonarQube is most compared with Checkmarx, SonarCloud, Coverity and Veracode. See our HCL AppScan vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.