ImmuniWeb vs SonarQube Server (formerly SonarQube) comparison

ImmuniWeb and Sonar are both solutions in the Static Application Security Testing (SAST) category. ImmuniWeb is ranked #29 with an average rating of 7.8, while Sonar is ranked #1 with an average rating of 8.2. ImmuniWeb holds a 0.3% mindshare in SAST, compared to Sonar’s 25.0% mindshare. Additionally, 85% of ImmuniWeb users are willing to recommend the solution, compared to 81% of Sonar users who would recommend it.

ImmuniWeb

Read 7 ImmuniWeb reviews

965 Views
386 Comparison Views

85% willing to recommend

SonarQube Server (formerly ...

Read 114 SonarQube Server (formerly SonarQube) reviews

36,964 Views
30,888 Comparison Views

81% willing to recommend

ImmuniWeb

SonarQube Server (formerly ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 9, 2025

SonarQube Server and ImmuniWeb compete in software security and quality analysis. SonarQube Server has higher user satisfaction in pricing and support, while ImmuniWeb justifies its higher cost with advanced features.

Features: SonarQube Server offers comprehensive code quality checks, wide customization options, and effective unit testing support. ImmuniWeb provides AI-driven security features, threat detection, and compliance focus.

Room for Improvement: SonarQube Server could enhance security vulnerability analysis and simplify its interface for non-technical users. Adding more integration support with external tools would be beneficial. ImmuniWeb can improve in offering more granular customization, extend its programming languages support, and reduce costs to make it more accessible.

Ease of Deployment and Customer Service: SonarQube Server's self-hosted setup offers high control but needs technical upkeep. ImmuniWeb’s cloud-based solution is easier to deploy with proactive customer service, easing management for users.

Pricing and ROI: SonarQube Server provides a cost-effective entry with its open-source model, presenting good ROI with community support. ImmuniWeb, though more expensive initially, offers significant ROI via its comprehensive security management and risk mitigation capabilities.

To learn more, read our detailed ImmuniWeb vs. SonarQube Server (formerly SonarQube) Report (Updated: April 2025).

Buyer's Guide

ImmuniWeb vs. SonarQube Server (formerly SonarQube)

April 2025

Download the complete report

Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

ImmuniWeb

Ranking in Static Application Security Testing (SAST)

29th

Average Rating

8.2

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Attack Surface Management (ASM) (16th)

SonarQube Server (formerly ...

Ranking in Static Application Security Testing (SAST)

1st

Average Rating

8.0

Reviews Sentiment

7.2

Number of Reviews

114

Ranking in other categories

Application Security Tools (1st), Software Development Analytics (1st)

Mindshare comparison

As of May 2025, in the Static Application Security Testing (SAST) category, the mindshare of ImmuniWeb is 0.3%, down from 0.3% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 25.0%, down from 27.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

Vivek Ashvinbhai Pancholi

Senior Cybersecurity Consultant at a tech consulting company with 1,001-5,000 employees

Commendable Solution with Robust Vulnerability Detection Mechanism Suitable for Global Market

The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process.

Read full review

Wang Dayong

Senior Software Engineering Manager at Hill

Easy to integrate and has a plug-in that supports both C and C++ languages

The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable features are the SLA of Zero false-positives, less time of service development, validation of unlimited patched vulnerabilities, and several others."

"ImmuniWeb is stable."

"I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status."

"ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. The solution is highly stable. The solution is scalable. Editing Key Points for Review "Review about ImmuniWeb" What is our primary use case? We use the solution when we face challenges and urgent attention is needed for complex cases from our clients. To address this, we collaborate with the middleware, internal, and client teams to analyze and sort through intricate logs concerning our business cybersecurity program. How has it helped my organization? The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process. What is most valuable? ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. It also focuses on consumer satisfaction and operates in English-speaking markets, primarily required by the UAE, the United States, Canada, and Australia, among other developed countries. For how long have I used the solution? We have been using this product for the past one and half years. What do I think about the stability of the solution? The solution is highly stable. I rate it a perfect ten. What do I think about the scalability of the solution? The solution is scalable. I rate it a nine out of ten. How are customer service and support? Support is generally excellent"

"The solution's most valuable feature is reporting."

"After the assessment, you clearly know which assets require penetration testing."

"The initial setup process is user-friendly."

"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."

"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."

"We have worked with the support from SonarQube and we have had good experiences."

"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."

"The solution's user interface is very user-friendly."

"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."

"Can tweak rules and feed them into our build pipelines."

"SonarQube is useful for controlling all of our Azure task tracking and scanning."

More SonarQube Server (formerly SonarQube) pros

Cons

"The deployment process on the cloud is straightforward, while on-premise can be complex. Support is generally excellent, although there can be delays in ticket resolution."

"Its technical support could be better."

"ImmuniWeb sometimes shows previous scans instead of running tests."

"A great idea would be to support using Discovery on the internal network, allowing delivery of all the features of the current Discovery to internal network resources."

"A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient."

"It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint. We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features."

"The product’s interface for the web applications could be similar to Android and iOS versions."

"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."

"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."

"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."

"Expression of common vulnerabilities and exposures is not always current."

"Our developers have complained about the Quality Gates and the number of false positives that this product reports."

"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."

"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."

"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."

More SonarQube Server (formerly SonarQube) cons

Pricing and Cost Advice

"There should be the flexibility to change or add pricing, especially for pay-per-use cases."

"I use the product's free version. The tool costs around 229 dollars."

"It is pretty expensive."

"ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it."

"The values of ImmuniWeb are currently significantly below what is valued in the Chilean market for these services and solutions."

"The platform is expensive if a large development is involved. However, it is less expensive for scheduled-based testing, quarterly or in a year."

"It is pretty expensive."

"We're using their free Community Edition version."

"I requested this license for one million lines of code and they accepted this."

"We are using the open-source community version, but there are enterprise licenses available."

"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It's is not clear if it is an annual fee or a one-off."

"We are using the Community edition of SonarQube."

"The developer edition is based on cost per lines of code."

"There is both a free and licensed version. The free version has limitations on development languages and support."

"We are using the Developer Edition and the cost is based on the amount of code that is being processed."

More SonarQube Server (formerly SonarQube) pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

850,028 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Computer Software Company

14%

Comms Service Provider

University

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

13%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you recommend for a securing Web Application?

In addition to Sitelock and Immuniweb, another option to consider for a 24/7 automated vulnerability monitoring tool to protect web applications is Modshield SB Modshield SB is a web application fi...

See all answers

What do you like most about ImmuniWeb?

ImmuniWeb is stable.

See all answers

What is your experience regarding pricing and costs for ImmuniWeb?

I use the product's free version. The tool costs around 229 dollars.

See all answers

Is SonarQube the best tool for static analysis?

I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...

See all answers

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

How would you decide between Coverity and Sonarqube?

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...

See all answers

Comparisons

Acunetix vs ImmuniWeb

Compared 48% of the time

Qualys Web Application Scanning vs ImmuniWeb

Compared 26% of the time

PortSwigger Burp Suite Professional vs ImmuniWeb

Compared 14% of the time

Veracode vs ImmuniWeb

Compared 13% of the time

More ImmuniWeb Competitors

Checkmarx One vs SonarQube Server (formerly SonarQube)

Compared 13% of the time

Coverity vs SonarQube Server (formerly SonarQube)

Compared 13% of the time

GitHub Advanced Security vs SonarQube Server (formerly SonarQube)

Compared 11% of the time

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)

Compared 8% of the time

Veracode vs SonarQube Server (formerly SonarQube)

Compared 7% of the time

More SonarQube Server (formerly SonarQube) Competitors

Product Reports

Buyer's Guide

ImmuniWeb

April 2025

Download ImmuniWeb product report

Buyer's Guide

SonarQube Server (formerly SonarQube)

April 2025

SonarQube Server (formerly SonarQube) report

Download SonarQube Server (formerly SonarQube) product report

Also Known As

No data available

Sonar

Interactive Demo

Demo not available

ImmuniWeb

Sonar

Overview

ImmuniWeb is a global application security company operating in over 50 countries, headquartered in Geneva, Switzerland. Most of ImmuniWeb's customers come from regulated industries, such as banking, healthcare, and e-commerce.

ImmuniWeb® AI Platform leverages award-winning AI and Machine Learning technology for acceleration and intelligent automation of Attack Surface Management and Dark Web Monitoring. The data is later leveraged for threat-aware and risk-based Application Penetration Testing for web, mobile, and API security testing. ImmuniWeb is the only company that offers a contractual zero false-positives SLA with a money-back guarantee. ImmuniWeb’s AI technology is a recipient of numerous awards and recognitions, including Gartner Cool Vendor, IDC Innovator, and the winner of “SC Award Europe” in the “Best Usage of Machine Learning and AI” category.

ImmuniWeb® Community Edition runs over 100,000 daily tests, being one of the largest application security communities. ImmuniWeb SA is an ISO 27001 certified and CREST-accredited company.

https://www.immuniweb.com.

ImmuniWeb

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?

Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
Custom coding rules: Allows for tailored rule sets to match specific coding standards.
Flexible quality gates: Define criteria for code acceptance at various intervals.
CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
Rich interface: User-friendly dashboard with detailed visual insights.

What benefits should users expect from SonarQube Server?

Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
Maintainability: Reduces technical debt, yielding long-term development efficiency.
Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

Sonar

Sample Customers

Ebay, United Nations, Next Bank Credit Agricole, Geneva Swiss Bank, Banca Stato, Celgene, SIM University, Heymarket, Swissquote, more...

Information Not Available

Buyer's Guide

ImmuniWeb vs. SonarQube Server (formerly SonarQube)

April 2025

Free Report: ImmuniWeb vs. SonarQube Server (formerly SonarQube)

Find out what your peers are saying about ImmuniWeb vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,028 professionals have used our research since 2012.

See our ImmuniWeb vs. SonarQube Server (formerly SonarQube) report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.