We performed a comparison between CodeSonar and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has been able to scale."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"There is nice functionality for code surfing and browsing."
"CodeSonar’s most valuable feature is finding security threats."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"The tool is very good for detecting memory leaks."
"This solution has helped with the integration and building of our CICD pipeline."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"It is very good at identifying technical debt."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"SonarQube is a fantastic tool which saves us precious time."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"There could be a shared licensing model for the users."
"The scanning tool for core architecture could be improved."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"It was expensive."
"The product needs to integrate other security tools for security scanning."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"In terms of analysis and findings, other tools provide more in-depth insights and detailed steps to mitigate or handle issues."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"It would be better if SonarQube provided a good UI for external configuration."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"I am not very pleased with the technical debt computation."
"The product's pricing could be lower."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. CodeSonar is rated 8.2, while SonarQube is rated 8.0. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". CodeSonar is most compared with Coverity, Klocwork, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and HCL AppScan. See our CodeSonar vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.