What are the differences between SonarQube and CAST AIP?

Hello peers, 

I am a Senior Program Manager at a large manufacturing company.

I am currently researching both SonarQube and CAST AIP. What are the main differences between these two solutions? Does CAST AIP scan for design violations?

Thankyou for your help.

Senior Program Manager at Oasis TE
  • 1
  • 131
PeerSpot user
1 Answer
Chief Architect at Peristent Systems
Real User
Top 5Leaderboard
May 23, 2023

Hi Joe - SonarQube is essentially a static code quality tool and has multiple versions (community is free and then we have developer, enterprise, and data center versions which are paid). As per the latest branding from CAST, they don't market AIP as a separate product and are bundled with CAST Imaging. CAST AIP is used to onboard the code base and perform analysis and the actual products are Imaging for architecture analysis and health, engineering, and security dashboards. The dashboards in CAST are richer and have more security features compared to SonarQube. Also, CAST does not have any free community version available. Both of them do static code analysis and do not look at run time code.

Find out what your peers are saying about CAST Application Intelligence Platform vs. SonarQube and other solutions. Updated: September 2023.
734,024 professionals have used our research since 2012.
Product comparison that may be of interest to you
Related Questions
User at Network Appliance ASIAPAC
May 16, 2023
Hello peers,  I work for a large tech services company. I am currently researching Application Security Tools. Which software is ideal for code quality and security? Are SonarQube and Snyk a good choice? Are there any better alternatives? Thank you for your help.
2 out of 3 answers
May 15, 2023
Hi Tej, as per my experience, SonarQube provides a better understanding of the code, it gives you a detailed analysis of the code up to the line level. It finds vulnerabilities in the code and runs test cases for you (if you add them). Also, you can customize the quality gate rules to define the parameters your code should pass like reliability, repetition of lines, etc. On the other hand, Snyk offers you an overview of the tools you are using, or the APIs you are using inside the code and gives vulnerability notifications and fixes. SonarQube doesn't fix or doesn't give any suggestions but Snyk will give you suggestions on which version of that dependency should be used and why. I have integrated both Snyk and SonarQube as both are open source up to a certain level. 
Board Member at a tech vendor with 1,001-5,000 employees
May 15, 2023
Hi Tej, you should also check out CAST (castsoftware.com). Their kit does a very thorough analysis that may be a good option depending on the complexity of your codebase. 
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Aug 11, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
See 1 answer
Chief Architect at Peristent Systems
Aug 11, 2022
I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five.
Product Comparisons
Download Free Report
Download our FREE report comparing CAST Application Intelligence Platform and SonarQube based on reviews, features, and more! Updated: September 2023.
734,024 professionals have used our research since 2012.