We compared HCL AppScan and SonarQube across four categories based on our users' reviews. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SonarQube offers better integration capabilities than HCL AppScan. Additionally, SonarQube users are happier with the pricing. For these reasons, SonarQube is the more desirable product in this comparison.
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The solution offers services in a few specific development languages."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The most valuable feature of the solution is Postman."
"We are now deploying fewer defects to production."
"The product has valuable features for static and dynamic testing."
"AppScan is stable."
"Before you even compile, it can catch known vulnerability issues or patterns."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"I follow Quality Gate's graduation model within our organization, and it is extremely helpful for me to benchmark products."
"Strong code evaluation for budget-minded clients."
"SonarQube is good for checking and maintaining code quality."
"Can tweak rules and feed them into our build pipelines."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"They should have a better UI for dashboards."
"HCL AppScan needs to improve security."
"They could add a software component analysis tool."
"One thing which I think can be improved is the CI/CD integration."
"There is no central management for static and dynamic."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"Improvement can be done as per customer requirements."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"I am not very pleased with the technical debt computation."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
HCL AppScan is ranked 14th in Application Security Tools with 41 reviews, while SonarQube is ranked 1st in Application Security Tools with 112 reviews. HCL AppScan is rated 7.8, while SonarQube is rated 8.0. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". HCL AppScan is most compared with Veracode, Acunetix, PortSwigger Burp Suite Professional, OWASP Zap and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity and Veracode. See our HCL AppScan vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.