HCL AppScan and SonarQube Cloud are well-regarded tools in the cybersecurity and code quality assessment market. HCL AppScan appears to have an edge in configurability and language support, while SonarQube Cloud excels in continuous code analysis and integration with CI/CD pipelines.
Features: HCL AppScan is lauded for its integration across development phases, robust vulnerability detection, and support for multiple languages. It also provides templates for compliance requirements like PCI. SonarQube Cloud stands out with its continuous code analysis and ability to identify vulnerabilities early in the development cycle, easing integration with CI/CD tools.
Room for Improvement: HCL AppScan could improve by reducing false positives, enhancing CI/CD integration, and expanding language support. Users also seek better compatibility with various tools and clearer documentation. SonarQube Cloud requires enhancements in dynamic analysis and reporting, alongside improving its configuration processes and reducing false positive rates.
Ease of Deployment and Customer Service: HCL AppScan provides flexible on-premises deployment but has faced challenges with technical support responsiveness post-IBM transition. SonarQube Cloud benefits users with quick deployment as a public cloud service. However, it needs better documentation to facilitate smoother integrations.
Pricing and ROI: HCL AppScan is perceived as costly due to its comprehensive features, yet some users find the pricing justified based on capabilities offered. SonarQube Cloud uses scalable pricing based on code lines, which is seen as economical though sometimes expensive for smaller enterprises. Both tools provide a good return on investment depending on the organization's size and needs.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
The customer service and support for SonarQube Cloud are responsive and helpful.
Integrating it into different solutions is straightforward.
There are limitations, and it seems to have fewer capabilities than Veracode.
It has been used in multiple projects and performs well.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
From my team's feedback, it is almost an eight out of ten.
It is quite a stable solution.
Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
To improve SonarQube Cloud (formerly SonarCloud), it should excel in all these domains.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
We used the open-source version of SonarQube Cloud for its minimum features and did not license its extensive capabilities.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities.
It is integrated easily with the CI/CD pipeline, saving time and cost.
I use SonarQube Cloud (formerly SonarCloud) to check the quality of developer code and identify vulnerabilities.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.