We performed a comparison between SonarQube and Synopsys Defensics based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"If you want to have your code scanned and timed then this is a good tool."
"I like that it helps us maintain our work quality and code security."
"It is a good deal compared to all other tools on the market."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"The most valuable features are the segregation containment and the suspension of product services."
"It is very good at identifying technical debt."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"Monitoring is a feature that can be improved in the next version."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"SonarQube is not development-centric like Snyk."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"There could be better integration with other products."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
Earn 20 points
SonarQube is ranked 1st in Application Security Tools with 108 reviews while Synopsys Defensics is ranked 5th in Fuzz Testing Tools. SonarQube is rated 8.0, while Synopsys Defensics is rated 8.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Defensics writes "Technical support provided protocol-specific documentation to prove that some positives were not false". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Synopsys Defensics is most compared with Snyk, Fortify on Demand, Invicti, HCL AppScan and PortSwigger Burp Suite Professional.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.