We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The most valuable feature is the reporting, which is compliant with international standards."
"It scans all the components developed within a web application."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The setup is usually straightforward."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"It is very good at identifying technical debt."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"Offers multi-programming language support"
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The enterprise interface is too simple. It should be more customizable."
"The dashboard and interface are crucial and they need some improvement."
"Support response times are slow and can be improved."
"The tech support is responsive but issues remain unresolved."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"Integration could be better."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"Expression of common vulnerabilities and exposures is not always current."
"The interface could be a little better and should be enhanced."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"The security in SonarQube could be better."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"A better design of the interface and adding some new rules."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Rapid7 AppSpider vs. SonarQube report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.