We performed a comparison between Fortra Tripwire IP360 and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"Tripwire IP360 is a very stable solution."
"We could manage our entire IP range with the solution."
"We advise all of our developers to have this solution in place."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"We need to dedicate time and resources to keep it running."
"I am not very impressed by the technical support."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"The security in SonarQube could be better."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"The solution could improve by providing more advanced technologies."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
Fortra Tripwire IP360 is ranked 35th in Vulnerability Management with 6 reviews while SonarQube is ranked 1st in Application Security Tools with 108 reviews. Fortra Tripwire IP360 is rated 7.0, while SonarQube is rated 8.0. The top reviewer of Fortra Tripwire IP360 writes "The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortra Tripwire IP360 is most compared with Tenable Nessus, Tenable Security Center and Trend Micro Deep Security, whereas SonarQube is most compared with Checkmarx, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.