We performed a comparison between Check Point CloudGuard WAF and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The first valuable feature is that it is not a complex process to get it up and running. It was not complex at all. We were in a close relationship with the team that developed the app, and it worked in a few hours. The second valuable feature is the information that comes out of it."
"The tool's most valuable feature is AI, which makes operations easier. Moreover, it is easy to deploy."
"It offers high performance and improved productivity for users."
"Its main value and what we liked the most is its powerful AI."
"After integrating AppSec with other applications, team members can easily work without fear of confidential information exposure."
"The tool helps us to block IPs and applications."
"The most effective CloudGuard feature for threat prevention is its web app protection."
"We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The static code analysis is very good."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"It is a good deal compared to all other tools on the market."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"Can tweak rules and feed them into our build pipelines."
"I feel like I need more clarity in understanding pricing for DDoS protection."
"The documentation needs to be updated, more improved, and simplified... so that even a beginner can start with this application. It can make things more beginner-friendly."
"The coding configurations can be simplified to save time for IT teams and developers."
"In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better."
"Cost reduction and trial period extension should be considered with some lucrative discount offerings in buying standard versions."
"We would like the solution to be more economical since it is not accessible to all clients."
"They should improve in the delivery of more detailed reports with more information."
"We would like to have a solution of this type for the administration of applications from mobile devices."
"You may need to purchase add-ons to get the useability you desire."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"It should be user-friendly."
"Expression of common vulnerabilities and exposures is not always current."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"We could use some team support, but since we are using the community version, it's not available."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
Check Point CloudGuard WAF is ranked 11th in Application Security Tools with 30 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Check Point CloudGuard WAF is rated 9.0, while SonarQube is rated 8.0. The top reviewer of Check Point CloudGuard WAF writes "Automation capabilities also help streamline security processes and smooths down API integration processes and detects API availability". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Check Point CloudGuard WAF is most compared with Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Check Point CloudGuard WAF vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.