We performed a comparison between Contrast Security Protect and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Protect provides us with more in-depth visibility into ongoing attacks."
"The product gives a few false positives. We get 99 percent true positives."
"The solution has excellent real-time capabilities."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"Can tweak rules and feed them into our build pipelines."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"The most valuable feature of this solution is that it is free."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"There's room for improvement in the initial setup."
"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"Contrast Security Protect needs to improve integration."
"The BPM language is important and should be considered in SonarQube."
"The product provides false reports sometimes."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"Expression of common vulnerabilities and exposures is not always current."
"The documentation is not clear and it needs to be updated."
"The solution could improve by providing more advanced technologies."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"There isn't a very good enterprise report."
Contrast Security Protect is ranked 32nd in Application Security Tools with 3 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Contrast Security Protect is rated 8.4, while SonarQube is rated 8.0. The top reviewer of Contrast Security Protect writes "It provides us with more in-depth visibility into ongoing attacks". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Contrast Security Protect is most compared with Fortify on Demand, Snyk, Tenable.io Web Application Scanning, Sonatype Lifecycle and HCL AppScan, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Contrast Security Protect vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.