SonarQube vs Trustwave App Scanner [EOL] comparison

Comparison Buyer's Guide

Executive Summary
Updated on Nov 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Categories and Ranking

SonarQube
  Average Rating: 8.0
  Reviews Sentiment: 7.1
  Number of Reviews: 135
  Ranking in other categories: Application Security Tools (1st), Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)

Trustwave App Scanner [EOL]
  Average Rating: 7.6
  Number of Reviews: 5
  Ranking in other categories: No ranking in other categories
Featured Reviews

KH
Sr Software Engineering Supervisor at Mozarc Medical
Gains control over rule customization and achieves reliable vulnerability assessment
The deployment process took me about 2 or 3 hours to deploy SonarQube Server (formerly SonarQube), although I do not remember exactly since it was done about 2 years back. Currently, about 10 of my developers are using SonarQube Server (formerly SonarQube) in my company. I do not have plans to increase the usage of SonarQube Server (formerly SonarQube) in the future as there will not be any requirement to increase. I am a senior software engineer and supervisor at Mozarc Medical. My corporate email address is karthik.k.a.r.t.h.i.k.h.a.r.p.a.n.h.a.l.l.i@mozarkmedical.com. Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10.
Securityd276 - PeerSpot reviewer
Security Manager at a healthcare company with 1,001-5,000 employees
Stable solution that has increased the maturity of our security program
I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Quotes from Members

Pros

"I like the by-default policies that are there, as they seem to cover most of what I need."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"It's enabled us to improve software quality and help us to disseminate best practices."
"SonarQube is a Code Quality Assurance tool that collects and analyzes source code and provides reports on the code quality of your project."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"I like that it helps us maintain our work quality and code security."
"We usually do the development in Java, and when we finish the development, we usually run the SonarQube tests and review the critical level, bugs, and security issues."
"We have seen a decrease of about 25% in issues since we first started using it a few months ago, and my team's code bases are getting better."
"The stability is great. We haven't had any issues at all with it."
"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."
"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."
"Web application security testing is a valuable feature."
"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."
"This scanner was more efficient compared to its competitors."
Cons

"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"The documentation is not clear and it needs to be updated."
"However, there could be an improvement in providing additional training resources."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"The solution could improve by providing more advanced technologies."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."
"It doesn't support modern web technologies such as GWT, Angular, JS etc."
"Used to crash/freeze due to poor performance, not sure about newer versions."
"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."
Pricing and Cost Advice

"The licence is standard open source licensing"
"For the Community edition, there is no extra cost. It's totally free. The Enterprise edition, Data Center edition, and Developer edition are the paid versions."
"The product’s price is lower than Veracode’s price."
"It's an open-source solution, with no additional costs."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"The price of the solution could be reduced."
"The solution is cheaper than other products."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
Information not available
885,728 professionals have used our research since 2012.
Top Industries

By visitors reading reviews (SonarQube)
  Manufacturing Company: 13%
  Financial Services Firm: 13%
  Computer Software Company: 12%
  Comms Service Provider: 5%

Trustwave App Scanner [EOL]: No data available
Company Size

By reviewers (SonarQube)
  Company Size          Count
  Small Business        42
  Midsize Enterprise    24
  Large Enterprise      79

Trustwave App Scanner [EOL]: No data available
Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
Also Known As

Sonar, SonarQube Cloud
Hailstorm, Cenzic Hailstorm
Sample Customers

Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.
Leading Health Insurer
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: February 2026.