We performed a comparison between SonarQube and Spirent CyberFlood based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We've configured it to run on each commit, providing feedback on our software quality. ]"
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"The most valuable features are the segregation containment and the suspension of product services."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"The overall quality of the indicator is good."
"CyberFlood is flexible."
"The feature I find most valuable is the traffic generator."
"Our customers use it to check for unauthorized file transfer."
"CyberFlood's best features are its user-friendliness and scheduling function."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"There could be better integration with other products."
"SonarQube could improve its static application security testing as per the industry standard."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"Sometimes, when you configure parameters the hardware can't run, it will get stuck at those points without telling you what happened. It would be helpful if the error reporting provided more details about why the test setting is not running. It would be nice if there were a space in the hardware module for you to add some external hardware for more rigorous testing."
"I would also like to see updates on a more frequent schedule."
"The solution needs more ports, more speed, and more gigabytes."
"CyberFlood's accessibility and support for multiple browsers could be better."
SonarQube is ranked 1st in Application Security Tools with 110 reviews while Spirent CyberFlood is ranked 33rd in Application Security Tools with 4 reviews. SonarQube is rated 8.0, while Spirent CyberFlood is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Spirent CyberFlood writes "I like the solution's flexibility". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Spirent CyberFlood is most compared with Ixia BreakingPoint and Ixia BreakingPoint VE. See our SonarQube vs. Spirent CyberFlood report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
