SonarQube Questions

Vishal-Goyal - PeerSpot reviewer
Vishal-Goyal
Chief Architect at Persistent Systems
Aug 12 2022
Dear experts, I wanted to check with those who have experience in using both SonarQube Community Edition and SonarQube Enterprise Edition. What real advantages do you see in spending money to procure an enterprise license vs using community edition which is free? I'm aware enterprise provides ...
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)

Why is one better than the other?

Vishal-Goyal: We have used SonarQube quite a lot and this is great to check code quality…
6 Answers
Kit Ted - PeerSpot reviewer
Kit Ted
User at h

I'm currently researching the following two application security tools: Coverity and SonarQube.

Can anyone point out the main differences between these 2 products?

Thanks for your help!

Manoj Kumar Kemisetty - PeerSpot reviewer
Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture

Hi community members,

Is SonarQube the best tool for static analysis? Are there any good tools that compete with SonarQube?

Peter Arvedlund: I am not very familiar with SonarQube and their solutions, so I cannot answer…
Purushothaman K: The static tool we can use is Fortify or IBM Appscan. SonarQube is widely used…
Rama Susarla: SonarQube is one of the widely used and easy-to-use tools. With some easy…
10 Answers
AshokPandey - PeerSpot reviewer
AshokPandey
Principal Software Engineer at Becton, Dickinson and Company

I work in a large enterprise Healthcare Company. 

We are thinking of buying SonarQube licensing (Developer edition) and need to understand some details of it. Is there anyone I can talk to? 

Donovan Greeff: SonarQube is an open source tool. The use of the developer edition leads me to…
Daniel Hall: Hi, we still use the community edition and not yet matured to the point where…
Russell Rothstein: @Steven Gomez @Phil Denomme @Jeff Ingalls @Donovan Greeff @Kiran Gujju @Daniel…
3 Answers
William Hayes - PeerSpot reviewer
William Hayes
User at Securities America
I am looking for pros and cons for the Checkmarx vs SonarQube, in particular regarding: false positives tuning SonarQube to reduce false positives without introducing false negatives. I am also wondering if SonarQube could allow developers to delint their code before submitting it to SAS...
Donovan Greeff: My opinions are my own and do not represent any other entities that I may be or…
Durga Gudimetla: SonarQube can be used for SAST. However, based on our internal analysis, our…
Swapna Ragi: SonarQube depends on completely what you configure the Rules. You will have the…
3 Answers
Malla Reddy Bakka - PeerSpot reviewer
Malla Reddy Bakka
User at a tech services company with 10,001+ employees

I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

Elina Petrovna: SonarQube historically was focused on Code Quality and Best Practices. Recently…
ManojKumar9: The major difference I have seen between Checkmarx and SonarQube is…
Curtis Yanko: I’ve always viewed SonarQube as a code quality tool that complements many code…
3 Answers
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
One of the most popular comparisons on IT Central Station is Coverity vs SonarQube. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between Coverity and SonarQube? Which of these two solutions would you recommend to...
HungVu: Both of them are static analytic source tools but SonarQube focuses on the quality…
1 Answer
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
One of the most popular comparisons on IT Central Station is Fortify on Demand vs SonarQube. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between Fortify on Demand and SonarQube? Which of these two solutions woul...
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

If you were talking to someone whose organization is considering SonarQube, what would you say?

How would you rate it and why? Any other tips or advice?

it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

Please share with the community what you think needs improvement with SonarQube.

What are its weaknesses? What would you like to see changed in a future version?

reviewer1503354: Normally, SonarQube gives a quick response for scanning and is easier for…
63 Answers
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What do you like most about SonarQube?

Thanks for sharing your thoughts with the community!

Application Security Tools Questions
Shibu Babuchandran - PeerSpot reviewer
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jul 28 2022

What is CAPTCHA and how does it work? What are the potential use cases of CAPTCHA for AI?

Christy Limestall: CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans…
1 Answer
KamalKapur - PeerSpot reviewer
KamalKapur
Quality Executive at Dharampal Premchand Limited(DPPCL)
Oct 06 2022
Hello, I work as a Quality Executive at a Consumer Goods company.  At the moment, we're researching an email security solution. We have 1000+ users. Among others, we've been looking at these products: Cisco Secure Email, Forcepoint Email Security and Barracuda Email Security Gateway.  Which o...
TundeOgunkoya: Hi Kamal, Firstly, you would have to recognize that there is/are no fast and…
SimonClark: Tunde is absolutely right and is what I was trying to say in my first answer…
6 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 23 2022

Hi infosec pros,

How are these two terms different? What modern tools and techniques should you use to protect each data?

ChrisLowe: Data protection at rest - data storage has encryption applied, at the OS…
PatrickWheaton: "Data protection at rest" means when it is stored on the hard drive, tape…
6 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

What are the practical use cases of ASPM? What tools can be used for ASPM?

ZvikaRonen: I'd like to add to the previous comment the SCA (software composition analysis)…
2 Answers
Eric Signe - PeerSpot reviewer
Eric Signe
INFORMATION SECURITY ANALYST / ARCH at octosafes inc
Jul 21 2022

Hi infosec professionals,

I'd like to understand better the main highlights of WAF security. E.g., what type of security can be achieved with a WAF tool?

Thank you for sharing your knowledge.

Eric Signe: -Application security -OWASP top 10 -Protection on two aspects:…
Tom Foale: A good WAF secures not just your websites and cloud applications but will…
3 Answers
Shibu Babuchandran - PeerSpot reviewer
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services

Hi community,

What are your top 5 (or less) cyber security trends in 2022?

Thanks in advance!

Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to…
Bret Mantey: Look to the most recent Presidential order regarding security: Executive…
Jairo Willian Pereira: 1. [True!] Cloud Security hardening/assessment. 2. AI (for massive data…
10 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi infosec professionals.

What are your top choices of tools to use for mobile penetration testing this year?

Thanks for sharing your knowledge!

Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi peers,

What top trends do you predict about DevOps and DevSecOps for 2022? 

In your opinion, what is gonna change this year vs 2020-2021?

ZvikaRonen: My prediction is that companies will adopt SCA tools into their CI/CD to manage…
Vishal-Goyal: Infrastructure as a Code scripts testing, API security testing and SCA will gain…
2 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi community,

How do you practically use it and apply Security Posture/Security Posture Management in a large organization?

Tnx.

Vishal-Goyal: Security posture will include a number of things. The following artifacts…
1 Answer
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do...
ITSecuri7cfd: Yet another chance to test our incident response procedures. So far I would…
SimonClark: This vulnerability is particularly critical because Log4j is widely used in open…
Jairo Willian Pereira: One excellent opportunity for the company to test your CMDB/Inventory (at medium…
5 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

When do you use each of those tools?

Abhirup Sarkar: SAST: Static application security testing (SAST) is used to secure software by…
Vishal-Goyal: SCA looks at open-source libraries only and associates vulnerabilities, license…
3 Answers
Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jun 28 2022

Hello,

Would you recommend using an open-source WAF for a large company? If so, which one and why?

Thanks.

Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi peers,

What are the OWASP Top 10 this year? 

What single web app security tool (or a minimum set of tools) would you recommend for overall web app protection (from the most critical security risks covered by these Top 10)?

Andrew Van Der Stock: We are due to release the OWASP Top 10 2021 on September 24, 2021. We will be…
Curtis Yanko: I’m not sure the top 10 is changing this year but if it is it will be to squeeze…
Vishal-Goyal: Believe no single tool will address all OWASP Top 10 issues. One will need a…
4 Answers
Rony_Sklar - PeerSpot reviewer
Rony_Sklar
PeerSpot (formerly IT Central Station)
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.  What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
12 Answers
Rony_Sklar - PeerSpot reviewer
Rony_Sklar
PeerSpot (formerly IT Central Station)

Hi,

Many companies wonder whether SAST or DAST is better for application security testing. 

What are the relative benefits of each methodology? Is it possible to make use of both?

Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
Oscar Van Der Meer: For application security you ideally need SAST, SCA and DAST. You need all three…
Thomas Ryan: The easiest way to remember the role of each: SCA & SAST = Am I Vulnerable…
6 Answers
Meng Chen - PeerSpot reviewer
Meng Chen
Student at Syracuse University
What are the main differences between Black Duck and Veracode for Software Composition Analysis (SCA)?
Oscar Van Der Meer: Clients that have benchmarked our solution against both BlackDuck and Veracode…
Bruno Schiavetti: It really comes down to what your expectations are. Blackduck has the ability to…
2 Answers
Rony_Sklar - PeerSpot reviewer
Rony_Sklar
PeerSpot (formerly IT Central Station)

Which single application security tool provides the best overall protection?

Kangkan Goswami: The best source to know the OWASP risks is the OWASP website. For top 10 risks…
3 Answers
CK Low - PeerSpot reviewer
CK Low
User

Hi peers, 

I am researching application security software for my organization. We provide systems to the airline industry.

Which products provide both vulnerability scanning and quality checks?

Which one(s) do you recommend and why?

Thanks,

CK

TundeOgunkoya: Whilst it may appear as though the real solution to a question like yours is to…
davidstrom: Burp Suite from PortSwigger (pen testing and vuln scans) and WebGoat from OWASP…
Tiago Stello: I use and recommend Micro Focus Fortify for SAST, DAST, and real-time code…
11 Answers
Miriam Tover - PeerSpot reviewer
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Application security is one of the fastest trending topics from IT Central Station community members. Why do companies need to purchase app security software?  Is it due to common web application vulnerability types (e.g. Cross-Site Scripting, SQL injection, CSRF injection) that these solutions ...
HansEnders: Acquiring the tools is not the goal, it is to operate an Application Security…
Vijayanathan Naganathan: Application security software is needed to unearth vulnerabilities in the target…
Boris Paskalev: One needs application security tools and hopefully, those that can find the new…
9 Answers
it_user703014 - PeerSpot reviewer
Senior Web Developer at KPMG

We have always heard that if we compress the file it reduces the size and we can send it easily. But my question is, does compressing always decrease the size of the file or does it increase as well? 

it_user703014 - PeerSpot reviewer
Senior Web Developer at KPMG
Encrypt means to convert (information or data) into a cipher or code, especially to prevent unauthorized access. Compression is a reduction in the number of bits needed to represent data. So the question is, what do we do first? Encrypt or compress during data transmission?
it_user161343: This question regarding encrypt and compress data, in which order was a good…
it_user570081: First compress and then encrypt.
21 Answers
it_user668973 - PeerSpot reviewer
User
Hello, I use Acunetix 11. There is an Internal Server Error in all web service scans (V10, V11). I wonder what the reason for this error is and how I can fix it. For further details, we have a WCF web service. Best regards.
it_user371577 - PeerSpot reviewer
User at a tech company with 51-200 employees
We are mainly a VMware customer and for security Tripwire is being recommended. However, upon research I found that VMware has vCenter Configuration Manager and I'm checking to see if that's an alternative. If not vCM, does anyone recommend any other products? How about CIMCOM? Thanks.
it_user372162: Have you looked into ScriptRock yet? It's a great platform for configuration…
10 Answers
Ariel Lindenfeld - PeerSpot reviewer
Ariel Lindenfeld
Sr. Director of Community
PeerSpot

Let the community know what you think. Share your opinions now!

reviewer1434390: I would check the authentication steps required. How does the data storage work…
SimonClark: Most companies have hundreds of apps so it is impractical to ensure every single…
16 Answers
Ariel Lindenfeld - PeerSpot reviewer
Ariel Lindenfeld
Sr. Director of Community
PeerSpot

Has anyone done a comparison between Checkmarx and Veracode application security testing?

What are the main pros and cons of each solution?

What else do we need to consider when evaluating these two products?

it_user318207: As someone who has been long using HP Fortify, I've been actively looking at…
2 Answers