We performed a comparison between Apiiro and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The workflow automation is likely the best aspect of the solution."
"Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"The most valuable features are the segregation containment and the suspension of product services."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"This solution has helped with the integration and building of our CICD pipeline."
"The static code analysis is very good."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
"Expression of common vulnerabilities and exposures is not always current."
"The reporting can be improved."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"A better design of the interface and add some new rules."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
Apiiro is ranked 21st in Static Application Security Testing (SAST) with 2 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews. Apiiro is rated 8.6, while SonarQube is rated 8.0. The top reviewer of Apiiro writes "A great secrets detection feature, good visibility, and integrates well". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Apiiro is most compared with Snyk, Ox Security, Cycode, Semgrep Supply Chain and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Apiiro vs. SonarQube report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.