We performed a comparison between CAST Application Intelligence Platform and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Software Development Analytics solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It supports most programming languages."
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."
"Used for controlling the technical debt and code quality."
"CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."
"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."
"I like that it covers most programming languages for source code review."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"Can tweak rules and feed them into our build pipelines."
"All the features of the solution are quite good."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"It is a good deal compared to all other tools on the market."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"Implementation could be made more simpler as it is complex."
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."
"The integration of this solution could be improved."
"It has very few plugins to access different code repositories, so source code has to be fed."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"The solution could improve by providing more advanced technologies."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
More CAST Application Intelligence Platform Pricing and Cost Advice →
CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while SonarQube is ranked 1st in Software Development Analytics with 112 reviews. CAST Application Intelligence Platform is rated 7.0, while SonarQube is rated 8.0. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CAST Application Intelligence Platform is most compared with Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our CAST Application Intelligence Platform vs. SonarQube report.
See our list of best Software Development Analytics vendors.
We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.