SonarQube vs Synopsys API Security Testing comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between SonarQube and Synopsys API Security Testing based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST).
To learn more, read our detailed Application Security Testing (AST) Report (Updated: February 2024).
756,036 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"This solution has helped with the integration and building of our CICD pipeline.""SonarQube is a fantastic tool which saves us precious time.""The static code analysis is very good.""The good thing with SonarQube is it covers a lot of issues, it's a very robust framework.""When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis.""SonarQube is one of the more popular solutions because it supports 29 languages.""The most valuable features are the analysis and detection of issues within the application code.""SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."

More SonarQube Pros →

"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."

More Synopsys API Security Testing Pros →

Cons
"I find it is light on the security side.""SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers.""The solution could improve the management reports by making them easier to understand for the technical team that needs to review them.""It should be user-friendly.""It would be better if SonarQube provided a good UI for external configuration.""Technical support and the price could be better.""SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this.""The product needs to integrate other security tools for security scanning."

More SonarQube Cons →

"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."

More Synopsys API Security Testing Cons →

Pricing and Cost Advice
  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing"
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."
  • More SonarQube Pricing and Cost Advice →

    Information Not Available
    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    756,036 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I am not very familiar with SonarQube and their solutions, so I can not answer But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have  a look… more »
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Top Answer:The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares.
    Top Answer:The solutions pricing model is based on the number of lines of code. Overall it is priced well, it is reasonable.
    Top Answer:We are using Synopsys API Security Testing for scanning APIs for risks and vulnerabilities and to understand our posture before deployment within our business.
    Ranking
    Views
    55,990
    Comparisons
    43,907
    Reviews
    22
    Average Words per Review
    437
    Rating
    8.0
    Views
    483
    Comparisons
    334
    Reviews
    1
    Average Words per Review
    310
    Rating
    7.0
    Comparisons
    Also Known As
    Sonar
    Learn More
    Interactive Demo
    Synopsys
    Demo Not Available
    Overview

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages, including dozens of frameworks, the top DevOps platforms (GitLab, GitHub, Azure DevOps, and Bitbucket, and more), and the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    AppSec testing optimized for the needs of API developers
    APIs provide open, flexible interfaces that enable applications and services to talk to each other. But these characteristics can also make it difficult to build secure software—and even more difficult for traditional AppSec tools to test it.

    Sample Customers
    Information Not Available
    Top Industries
    REVIEWERS
    Computer Software Company30%
    Financial Services Firm21%
    Comms Service Provider7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company15%
    Manufacturing Company11%
    Government6%
    VISITORS READING REVIEWS
    Computer Software Company27%
    Financial Services Firm15%
    Manufacturing Company10%
    Insurance Company10%
    Company Size
    REVIEWERS
    Small Business25%
    Midsize Enterprise15%
    Large Enterprise60%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    Buyer's Guide
    Application Security Testing (AST)
    February 2024
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST). Updated: February 2024.
    756,036 professionals have used our research since 2012.

    SonarQube is ranked 1st in Application Security Testing (AST) with 17 reviews while Synopsys API Security Testing is ranked 29th in Application Security Testing (AST) with 1 review. SonarQube is rated 8.0, while Synopsys API Security Testing is rated 7.0. The top reviewer of SonarQube writes "A stable solution that needs to make its enterprise version and support available to users in Thailand". On the other hand, the top reviewer of Synopsys API Security Testing writes "Useful threat vectors, beneficial results, but implementation needed support". SonarQube is most compared with Checkmarx, SonarCloud, Coverity, Veracode and Snyk, whereas Synopsys API Security Testing is most compared with Seeker, Fortify WebInspect, Acunetix, OWASP Zap and SonarCloud.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.