We performed a comparison between CodeSonar and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool is very good for detecting memory leaks."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"There is nice functionality for code surfing and browsing."
"It has been able to scale."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"CodeSonar’s most valuable feature is finding security threats."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"This solution is simple to use and can be quickly deployed."
"The product itself has a friendly UI."
"It provides the security that is required from a solution for financial businesses."
"The solution has a plug-in that supports both C and C++ languages."
"We have worked with the support from SonarQube and we have had good experiences."
"It was expensive."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"There could be a shared licensing model for the users."
"The scanning tool for core architecture could be improved."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"Dynamic scanning is missing and there are some issues with security scanning."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"Technical support and the price could be better."
"A better design of the interface and add some new rules."
"I would like to see more options for security, beyond the basics like SQL injection."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"I find it is light on the security side."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. CodeSonar is rated 8.2, while SonarQube is rated 8.0. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CodeSonar is most compared with Coverity, Klocwork, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and HCL AppScan. See our CodeSonar vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.