Try our new research platform with insights from 80,000+ expert users

ReversingLabs vs SonarQube comparison

ReversingLabs and SonarSource Sàrl are both solutions in the Application Security Tools category. ReversingLabs is ranked #42, while SonarSource Sàrl is ranked #1 with an average rating of 8.2. ReversingLabs holds a 0.5% mindshare in AS, compared to SonarSource Sàrl’s 17.9% mindshare. Additionally, 100% of ReversingLabs users are willing to recommend the solution, compared to 83% of SonarSource Sàrl users who would recommend it.
ReversingLabs
Read 4 ReversingLabs reviews
  • 2,019 Views
  • 444 Comparison Views
100% willing to recommend
SonarQube
Read 134 SonarQube reviews
  • 38,470 Views
  • 26,929 Comparison Views
83% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 5, 2025

SonarQube and ReversingLabs occupy separate categories in software quality analysis and threat intelligence. SonarQube appears advantageous for pricing, while ReversingLabs is preferred for its innovative threat detection.

Features: SonarQube specializes in code health management, offers a wide range of languagesupport, and features robust integration capabilities with CI/CD pipelines. It also provides easy access to code issues, quality gates setup, and an intuitive dashboard for code quality tracking. ReversingLabs excels in in-depth threat analysis, maintains extensive malware repositories, and offers detailed static analysis capabilities, along with real-time threat intelligence that aids in predicting future threats.

Room for Improvement: SonarQube could enhance its security vulnerability scanning and address the issues with build-breaker plugins. Further refinement in licensing policies to accommodate modern CI/CD practices would be beneficial. ReversingLabs could focus on improving ease of use of its interface and provide better integration options with third-party platforms. Additionally, enhancing user guidance for new features could improve user experience. The upfront cost can also be a barrier for smaller organizations looking to adopt robust security measures.

Ease of Deployment and Customer Service: SonarQube is known for its straightforward on-premise deployment and detailed documentation, making the setup process smooth. It provides solid customer support, appreciated by its users. ReversingLabs offers cloud-based deployment, facilitating easy implementation. Its customer service is recognized for prompt assistance and proactive communication, allowing users to resolve issues efficiently and effectively.

Pricing and ROI: SonarQube offers competitive initial costs with scalable pricing models, fostering a good return on investment, especially for development teams focusing on code quality. ReversingLabs, while requiring a higher initial investment, offers substantial value through its comprehensive security insights and innovative threat detection capabilities, justifying its price point for businesses heavily invested in security measures.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed ReversingLabs vs. SonarQube Report (Updated: December 2025).
Buyer's Guide
ReversingLabs vs. SonarQube
December 2025
Download the complete report
Helped 879,853 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ReversingLabs
Ranking in Application Security Tools
42nd
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Anti-Malware Tools (46th), Container Security (48th), Software Composition Analysis (SCA) (25th), Threat Intelligence Platforms (TIP) (30th), Software Supply Chain Security (19th)
SonarQube
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
134
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of January 2026, in the Application Security Tools category, the mindshare of ReversingLabs is 0.5%, up from 0.2% compared to the previous year. The mindshare of SonarQube is 17.9%, down from 26.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
SonarQube17.9%
ReversingLabs0.5%
Other81.6%
Application Security Tools
 

Featured Reviews

TC
Tim Craig
Forensic Lead, Global Security Fusion Center at a insurance company with 10,001+ employees
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild. Also, the solution’s object and file analysis provide us with actionable insights. Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.
Read full review
KH
KarthikHarpanhalli
Sr Software Engineering Supervisor at Mozarc Medical
Gains control over rule customization and achieves reliable vulnerability assessment
The deployment process took me about 2 or 3 hours to deploy SonarQube Server (formerly SonarQube), although I do not remember exactly since it was done about 2 years back. Currently, about 10 of my developers are using SonarQube Server (formerly SonarQube) in my company. I do not have plans to increase the usage of SonarQube Server (formerly SonarQube) in the future as there will not be any requirement to increase. I am a senior software engineer and supervisor at Mozark Medical. My corporate email address is karthik.k.a.r.t.h.i.k.h.a.r.p.a.n.h.a.l.l.i@mozarkmedical.com. Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"ReversingLabs has a large sample size."
"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
"There's plenty of documentation available to users."
"The initial setup is simple. It requires some security, but it's simple."
"It is the best product we use for easy integration into YAML pipelines for scanning."
"SonarQube is admin friendly."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"We have worked with the support from SonarQube and we have had good experiences."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"The product itself has a friendly UI."
More SonarQube pros
 

Cons

"The solution needs to improve integrations."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
"SonarQube Server (formerly SonarQube) could be improved on the reporting front. Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated."
"SonarQube could improve its static application security testing as per the industry standard."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"It would be helpful if notifications could go out to an extra person."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
More SonarQube cons
 

Pricing and Cost Advice

"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
"We have a yearly contract based on the number of queries and malicious programs which can be processed."
"I think comparing the product to competitors it should be less expensive."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"Get the paid version which allows the customized dashboard and provides technical support."
"We use the solution free of cost."
"The solution is cheaper than other products."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"The licence is standard open source licensing"
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
More SonarQube pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
879,853 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
13%
Insurance Company
9%
Manufacturing Company
8%
Financial Services Firm
14%
Manufacturing Company
14%
Computer Software Company
14%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business41
Midsize Enterprise24
Large Enterprise79
 

Questions from the Community

Ask a question
Earn 20 points
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
See all answers
 

Comparisons

VirusTotal vs ReversingLabs Logo
VirusTotal vs ReversingLabs
Compared 16% of the time
JFrog Xray vs ReversingLabs Logo
JFrog Xray vs ReversingLabs
Compared 11% of the time
MetaDefender vs ReversingLabs Logo
MetaDefender vs ReversingLabs
Compared 8% of the time
OPSWAT Filescan Sandbox vs ReversingLabs Logo
OPSWAT Filescan Sandbox vs ReversingLabs
Compared 7% of the time
Black Duck SCA vs ReversingLabs Logo
Black Duck SCA vs ReversingLabs
Compared 7% of the time
More ReversingLabs Competitors
Checkmarx One vs SonarQube Logo
Checkmarx One vs SonarQube
Compared 26% of the time
Snyk vs SonarQube Logo
Snyk vs SonarQube
Compared 8% of the time
GitHub Advanced Security vs SonarQube Logo
GitHub Advanced Security vs SonarQube
Compared 7% of the time
Coverity Static vs SonarQube Logo
Coverity Static vs SonarQube
Compared 7% of the time
Semgrep vs SonarQube Logo
Semgrep vs SonarQube
Compared 5% of the time
More SonarQube Competitors
 

Product Reports

Buyer's Guide
ReversingLabs
December 2025
ReversingLabs reportDownload ReversingLabs product report
Buyer's Guide
SonarQube
December 2025
SonarQube reportDownload SonarQube product report
 

Also Known As

ReversingLabs Titanium, ReversingLabs secure.software
Sonar, SonarQube Cloud
 

Overview

ReversingLabs is the trusted authority in software and file security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, the ReversingLabs Titanium Platform® powers the software supply chain and file security insights, tracking over 35 billion files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.

RL - Trust Delivered.


https://www.reversinglabs.com

ReversingLabs

SonarQube provides comprehensive support for multi-language development, custom coding rules, and quality gates, integrated seamlessly into CI/CD pipelines. It empowers teams with clear insights through intuitive dashboards, identifying vulnerabilities, code smells, and technical debt.

SonarQube is renowned for its extensive capabilities in static code analysis, making it an invaluable tool for maintaining code quality. By fully integrating into development processes, it allows organizations to manage vulnerabilities and ensure compliance with coding standards. Its extensive community and open-source roots contribute to its accessibility, while robust dashboards facilitate code quality monitoring. Despite its strengths, feedback suggests enhancing analysis speed, better integration with DevOps tools, and refining the user interface. Users also point to the need for handling false positives effectively and expanding on AI-based features for dynamic code analysis.

What are SonarQube's main features?
  • Multi-language Support: Broad compatibility with diverse programming languages
  • Custom Coding Rules: Flexible customization of coding standards
  • Quality Gates: Set thresholds for maintaining coding standards
  • Vulnerability Identification: Detects security and performance issues
  • Integration with CI/CD: Streamlines quality checks in development workflows
  • Open Source Access: Supported by an active developer community
  • Technical Debt Tracking: Identifies and manages coding inefficiencies
What benefits should users expect?
  • Enhanced Code Quality: Improve code reliability and maintainability
  • Security Assurance: Identify and mitigate potential vulnerabilities
  • Reduced Technical Debt: Streamline the process of managing poor coding practices
  • Development Efficiency: Facilitates continuous integration and delivery processes
  • Community Support: Leverages an active network for continual improvements

In industries like finance and healthcare, SonarQube aids in obtaining regulatory compliance through rigorous code quality assessments. It is implemented to enhance cybersecurity by identifying potential vulnerabilities, while ensuring code meets the stringent standards demanded in these fields. As part of a broader development ecosystem, its integration in CI/CD pipelines ensures smooth and efficient software delivery, catering to phases from code inception to deployment, effectively supporting large-scale and critical software applications.

SonarSource Sàrl
 

Sample Customers

Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Information Not Available
Buyer's Guide
ReversingLabs vs. SonarQube
December 2025
Free Report: ReversingLabs vs. SonarQube
Find out what your peers are saying about ReversingLabs vs. SonarQube and other solutions. Updated: December 2025.
DOWNLOAD NOW
879,853 professionals have used our research since 2012.
See our ReversingLabs vs. SonarQube report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.