We performed a comparison between Parasoft SOAtest and SonarQube based on real PeerSpot user reviews. Find out what your peers are saying about Sonar, Veracode, GitLab and others in Application Security Testing (AST).
"Good write and read files which save execution inputs and outputs and can be stored locally."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to make adjustments to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"It is a good deal compared to all other tools on the market."
"From an automation point of view, it should have better clarity and be more user friendly."
"Having performance regression would be a helpful add-on or ability to be able to do during the scan."
"The BPM language is important and should be considered in SonarQube."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"This is a well-rounded solution; however, some features could be made available on the free version. The price of the solution could be reduced."
"Dynamic scanning is missing and there are some issues with security scanning."
SonarQube is the leading tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides clear remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into your workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. With over 225,000 deployments helping small development teams and global organizations, SonarQube provides the means for teams and companies around the world to own and impact their Code Quality and Code Security.
Parasoft SOAtest is ranked 22nd in Application Security Testing (AST) with 1 review while SonarQube is ranked 1st in Application Security Testing (AST) with 49 reviews. Parasoft SOAtest is rated 7.0, while SonarQube is rated 8.0. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of SonarQube writes "Open-source, stable, and finds the problems for you and tells you where they are". Parasoft SOAtest is most compared with Postman, ReadyAPI Test, Coverity, Tricentis Tosca and Klocwork, whereas SonarQube is most compared with Checkmarx, Veracode, Coverity, Snyk and Sonatype Nexus Lifecycle.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.