We performed a comparison between SonarQube and Trend Micro Cloud App Security based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The static code analysis is very good."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"Can tweak rules and feed them into our build pipelines."
"The solution is easy to integrate."
"Dependable with ease of integration with other security products."
"The initial setup is pretty straightforward."
"Our business emails are very important and Trend Micro Cloud App Security has provided a high level of protection. Additionally, there are updating the solution frequently."
"It has more intelligence features than other vendors."
"Trend Micro has DLP features in it, which separates it from other solutions."
"The most valuable feature of Trend Micro Cloud App Security is its stability across all platforms."
"Trend Micro Cloud App is easy to use and easy to install."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"The product's pricing could be lower."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"You may need to purchase add-ons to get the useability you desire."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"Documentation could be improved; product cost is quite high."
"There is room for improvement in the DLP component of Trend Micro Cloud App Security."
"It would be great if Trend Mail Cloud App Security would be joined with a web security solution, making it a multiple-network solution."
"They should provide separate corporate-level licenses for two to three instances."
"The granulation of the policy setup needs to be better. Right now, it is too basic."
"The price of the solution could improve by being lower."
"The solution's technical support services could be better."
"In the next release, I would like to see the cost go down."
More Trend Micro Cloud App Security Pricing and Cost Advice →
SonarQube is ranked 1st in Application Security Tools with 110 reviews while Trend Micro Cloud App Security is ranked 25th in Application Security Tools with 8 reviews. SonarQube is rated 8.0, while Trend Micro Cloud App Security is rated 8.2. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Trend Micro Cloud App Security writes "A straightforward setup and good reliability with useful security capabilities". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Trend Micro Cloud App Security is most compared with Forcepoint ZT CDR (Zero Trust Content Disarm & Reconstruction), Microsoft Exchange Online Protection (EOP), WithSecure Cloud Protection for Salesforce and Joe Sandbox Ultimate. See our SonarQube vs. Trend Micro Cloud App Security report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.