ImmuniWeb vs SonarQube Server (formerly SonarQube) comparison

ImmuniWeb and Sonar are both solutions in the Static Application Security Testing (SAST) category. ImmuniWeb is ranked #23 with an average rating of 8.7, while Sonar is ranked #1 with an average rating of 8.3. ImmuniWeb holds a 0.4% mindshare in SAST, compared to Sonar’s 22.1% mindshare. Additionally, 85% of ImmuniWeb users are willing to recommend the solution, compared to 81% of Sonar users who would recommend it.

ImmuniWeb

Read 7 ImmuniWeb reviews

1,175 Views
858 Comparison Views

85% willing to recommend

SonarQube Server (formerly ...

Read 116 SonarQube Server (formerly SonarQube) reviews

43,055 Views
31,861 Comparison Views

81% willing to recommend

ImmuniWeb

SonarQube Server (formerly ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jun 15, 2025

SonarQube Server and ImmuniWeb both offer solutions in the code analysis and security sector. ImmuniWeb seems to have the advantage due to its robust security testing capabilities, making it ideal for organizations with a cybersecurity focus. SonarQube Server is preferred for its seamless integration with various DevOps tools.

Features: SonarQube Server provides continuous code quality analysis and supports multiple programming languages with intuitive CI/CD tool integration. ImmuniWeb excels in advanced security testing, including vulnerability scanning and API security assessments, offering comprehensive risk insights.

Room for Improvement: SonarQube could improve its security testing to match dedicated security solutions. Its licensing model requires adaptation to cloud deployment trends. ImmuniWeb might enhance its integration with more DevOps environments and expand language support to match competitors.

Ease of Deployment and Customer Service: SonarQube's straightforward on-premises deployment with extensive integration documentation suits in-house setups. ImmuniWeb's cloud-based model offers ease of setup and scalability, supported by responsive customer service, appealing for easy deployments.

Pricing and ROI: SonarQube's open-source foundation offers economical upfront costing ideal for larger teams, increasing ROI through continuous improvement. ImmuniWeb's subscription model reflects its comprehensive security services, delivering high ROI in security-focused sectors, justifying the expenditure for critical security needs.

To learn more, read our detailed ImmuniWeb vs. SonarQube Server (formerly SonarQube) Report (Updated: July 2025).

Buyer's Guide

ImmuniWeb vs. SonarQube Server (formerly SonarQube)

July 2025

Download the complete report

Helped 865,384 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

ImmuniWeb

Ranking in Static Application Security Testing (SAST)

23rd

Average Rating

8.2

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Attack Surface Management (ASM) (19th)

SonarQube Server (formerly ...

Ranking in Static Application Security Testing (SAST)

1st

Average Rating

8.0

Reviews Sentiment

7.2

Number of Reviews

116

Ranking in other categories

Application Security Tools (1st), Software Development Analytics (1st)

Mindshare comparison

As of August 2025, in the Static Application Security Testing (SAST) category, the mindshare of ImmuniWeb is 0.4%, up from 0.3% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 22.1%, down from 27.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

Vivek Ashvinbhai Pancholi

Senior Cybersecurity Consultant at a tech consulting company with 1,001-5,000 employees

Commendable Solution with Robust Vulnerability Detection Mechanism Suitable for Global Market

The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process.

Read full review

Sthembiso Zondi

Head of Software Engineering at ronaldmariah@gmail.com

Consistent improvements in code quality and security with effective integration and reliable technical support

The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. The solution is highly stable. The solution is scalable. Editing Key Points for Review "Review about ImmuniWeb" What is our primary use case? We use the solution when we face challenges and urgent attention is needed for complex cases from our clients. To address this, we collaborate with the middleware, internal, and client teams to analyze and sort through intricate logs concerning our business cybersecurity program. How has it helped my organization? The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process. What is most valuable? ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. It also focuses on consumer satisfaction and operates in English-speaking markets, primarily required by the UAE, the United States, Canada, and Australia, among other developed countries. For how long have I used the solution? We have been using this product for the past one and half years. What do I think about the stability of the solution? The solution is highly stable. I rate it a perfect ten. What do I think about the scalability of the solution? The solution is scalable. I rate it a nine out of ten. How are customer service and support? Support is generally excellent"

"The most valuable features are the SLA of Zero false-positives, less time of service development, validation of unlimited patched vulnerabilities, and several others."

"After the assessment, you clearly know which assets require penetration testing."

"The initial setup process is user-friendly."

"ImmuniWeb is stable."

"The solution's most valuable feature is reporting."

"I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status."

"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."

"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."

"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."

"It is a good deal compared to all other tools on the market."

"The solution's user interface is very user-friendly."

"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."

"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."

"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."

More SonarQube Server (formerly SonarQube) pros

Cons

"A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient."

"It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint. We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features."

"A great idea would be to support using Discovery on the internal network, allowing delivery of all the features of the current Discovery to internal network resources."

"The deployment process on the cloud is straightforward, while on-premise can be complex. Support is generally excellent, although there can be delays in ticket resolution."

"ImmuniWeb sometimes shows previous scans instead of running tests."

"Its technical support could be better."

"The product’s interface for the web applications could be similar to Android and iOS versions."

"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."

"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."

"A little bit more emphasis on security and a bit more security scanning features would be nice."

"The solution could improve by having better-consulting services."

"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."

"We did have some trouble with the LDAP integration for the console."

"I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."

"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."

More SonarQube Server (formerly SonarQube) cons

Pricing and Cost Advice

"I use the product's free version. The tool costs around 229 dollars."

"The platform is expensive if a large development is involved. However, it is less expensive for scheduled-based testing, quarterly or in a year."

"It is pretty expensive."

"ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it."

"There should be the flexibility to change or add pricing, especially for pay-per-use cases."

"The values of ImmuniWeb are currently significantly below what is valued in the Chilean market for these services and solutions."

"It is pretty expensive."

"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It's is not clear if it is an annual fee or a one-off."

"SonarQube is a cost-effective solution."

"A low cost long-term solution for non-critical situations."

"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."

"We're using the Community Edition, and we don't pay for anything."

"We are using the Community edition of SonarQube."

"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."

"SonarQube is a fairly affordable solution for a larger scale if you have a specific role or specific department for secure code."

More SonarQube Server (formerly SonarQube) pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

865,384 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Computer Software Company

12%

Comms Service Provider

Media Company

Financial Services Firm

16%

Computer Software Company

14%

Manufacturing Company

13%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you recommend for a securing Web Application?

In addition to Sitelock and Immuniweb, another option to consider for a 24/7 automated vulnerability monitoring tool to protect web applications is Modshield SB Modshield SB is a web application fi...

See all answers

What do you like most about ImmuniWeb?

ImmuniWeb is stable.

See all answers

What is your experience regarding pricing and costs for ImmuniWeb?

I use the product's free version. The tool costs around 229 dollars.

See all answers

Is SonarQube the best tool for static analysis?

I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...

See all answers

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

How would you decide between Coverity and Sonarqube?

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...

See all answers

Comparisons

Acunetix vs ImmuniWeb

Compared 39% of the time

OpenText Core Application Security vs ImmuniWeb

Compared 24% of the time

Qualys Web Application Scanning vs ImmuniWeb

Compared 17% of the time

OWASP Zap vs ImmuniWeb

Compared 10% of the time

PortSwigger Burp Suite Professional vs ImmuniWeb

Compared 9% of the time

More ImmuniWeb Competitors

Checkmarx One vs SonarQube Server (formerly SonarQube)

Compared 16% of the time

Coverity vs SonarQube Server (formerly SonarQube)

Compared 11% of the time

GitHub Advanced Security vs SonarQube Server (formerly SonarQube)

Compared 10% of the time

Veracode vs SonarQube Server (formerly SonarQube)

Compared 7% of the time

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)

Compared 6% of the time

More SonarQube Server (formerly SonarQube) Competitors

Product Reports

Buyer's Guide

ImmuniWeb

August 2025

Download ImmuniWeb product report

Buyer's Guide

SonarQube Server (formerly SonarQube)

July 2025

SonarQube Server (formerly SonarQube) report

Download SonarQube Server (formerly SonarQube) product report

Also Known As

No data available

Sonar

Interactive Demo

Demo not available

ImmuniWeb

Sonar

Overview

ImmuniWeb is a global application security company operating in over 50 countries, headquartered in Geneva, Switzerland. Most of ImmuniWeb's customers come from regulated industries, such as banking, healthcare, and e-commerce.

ImmuniWeb® AI Platform leverages award-winning AI and Machine Learning technology for acceleration and intelligent automation of Attack Surface Management and Dark Web Monitoring. The data is later leveraged for threat-aware and risk-based Application Penetration Testing for web, mobile, and API security testing. ImmuniWeb is the only company that offers a contractual zero false-positives SLA with a money-back guarantee. ImmuniWeb’s AI technology is a recipient of numerous awards and recognitions, including Gartner Cool Vendor, IDC Innovator, and the winner of “SC Award Europe” in the “Best Usage of Machine Learning and AI” category.

ImmuniWeb® Community Edition runs over 100,000 daily tests, being one of the largest application security communities. ImmuniWeb SA is an ISO 27001 certified and CREST-accredited company.

https://www.immuniweb.com.

ImmuniWeb

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?

Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
Custom coding rules: Allows for tailored rule sets to match specific coding standards.
Flexible quality gates: Define criteria for code acceptance at various intervals.
CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
Rich interface: User-friendly dashboard with detailed visual insights.

What benefits should users expect from SonarQube Server?

Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
Maintainability: Reduces technical debt, yielding long-term development efficiency.
Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

Sonar

Sample Customers

Ebay, United Nations, Next Bank Credit Agricole, Geneva Swiss Bank, Banca Stato, Celgene, SIM University, Heymarket, Swissquote, more...

Information Not Available

Buyer's Guide

ImmuniWeb vs. SonarQube Server (formerly SonarQube)

July 2025

Free Report: ImmuniWeb vs. SonarQube Server (formerly SonarQube)

Find out what your peers are saying about ImmuniWeb vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: July 2025.

DOWNLOAD NOW

865,384 professionals have used our research since 2012.

See our ImmuniWeb vs. SonarQube Server (formerly SonarQube) report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.