We performed a comparison between Invicti and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Invicti is a good product, and its API testing is also good."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
"The platform is stable."
"Its ability to crawl a web application is quite different than another similar scanner."
"I like that it's stable and technical support is great."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"It easily ties into our continuous integration pipeline."
"We consider it a handy tool that helps to resolve our issues immediately."
"Can tweak rules and feed them into our build pipelines."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"The product itself has a friendly UI."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The support's response time could be faster since we are in different time zones."
"The solution needs to make a more specific report."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The custom attack preparation screen might be improved."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"The product's pricing could be lower."
"The tool needs to be more compatible with C/C++ language."
"You may need to purchase add-ons to get the usability you desire."
"Monitoring is a feature that can be improved in the next version."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
Invicti is ranked 20th in Application Security Tools with 26 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Invicti is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and HCL AppScan, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.