We performed a comparison between GitHub and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"The most valuable aspects of GitHub are version control and parallel development. I also appreciate the forking part, which allows us to release a specific set of features to the environment."
"GitHub's version control is valuable."
"You can write the code with AI. But when it comes to implementation, you must upgrade the bits of code that will support this and generate solutions based on that architecture. Then, you need comparable code bits. Therefore, AI can propose how much a specific function can be better optimized. So, AI can help stakeholders reach tasks quicker."
"The product has a good UI. It's simple and easy to access, and technical help is easily available. The two-factor authentication security is another valuable feature."
"A great feature is being able to have different repositories and different kinds of projects in a single solution at a single time. It's just a click away."
"Even if I'm not in the office, I can access and work on my code from anywhere with my account credentials."
"I did not have any issues with the stability of GitHub. It worked seamlessly."
"We consider it a handy tool that helps to resolve our issues immediately."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"The solution's user interface is very user-friendly."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"This solution has helped with the integration and building of our CI/CD pipeline."
"The static code analysis is very good."
"The software quality gate streamlines the product's quality."
"The user interface on GitLab is better."
"The only thing I see missing in GitHub is that it isn't very user friendly for key personnel who don't have in-depth, technical knowledge. In Jira, there are many functions to upload our test cases, and in GitHub we can only do it manually. There are functions which can be used to upload different files, but that still requires some technical knowledge. A layman cannot do it."
"There is room for improvement in terms of interface."
"It is currently only from the development perspective. It doesn't have features related to project management and testing. It is not like Azure. So, there is a lot of room for improvement. It is a version control product, and it would be good if they can come up with a complete DevOps product."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"The initial setup and implementation could be easier. I had some difficulties with it at first, but I don't have a development background."
"The ticketing system is not working."
"There is a bit of a learning curve."
"The product's pricing could be lower."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"I would like to see more options for security, beyond the basics like SQL injection."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
GitHub is ranked 12th in Application Security Tools with 74 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. GitHub is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitHub is most compared with Snyk, AWS CodeCommit, Fortify on Demand, Bitbucket and Surround SCM, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.