We performed a comparison between Acunetix and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."For us, the most valuable aspect of the solution is the log-sequence feature."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The usability and overall scan results are good."
"The tool's most valuable feature is performance."
"Overall, it's a very good tool and a very good engine."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"It is a good deal compared to all other tools on the market."
"If code coverage is a low number then that's of great value to me."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"There's a clear need for a reduction in pricing to make the service more accessible."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"The solution's pricing could be better."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"The vulnerability identification speed should be improved."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"We did have some trouble with the LDAP integration for the console."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"The product's user documentation can be vastly improved."
"The product must improve security analysis."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Acunetix is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Tenable Nessus, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Acunetix vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.