We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the reporting, which is compliant with international standards."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The setup is usually straightforward."
"It scans all the components developed within a web application."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It is really accurate and the rate of false positives is very low."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"There is a free version."
"There's plenty of documentation available to users."
"The dashboard and interface are crucial and they need some improvement."
"Integration could be better."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"AppSpider has some problems with the RAM needed while scanning."
"There are some glitches with stability, and it is an area for improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"This price of this solution is a little bit expensive."
"The enterprise interface is too simple. It should be more customizable."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"The BPM language is important and should be considered in SonarQube."
"Technical support and the price could be better."
"The product must improve security analysis."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 108 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Rapid7 AppSpider vs. SonarQube report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
