We performed a comparison between Invicti and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Its ability to crawl a web application is quite different than another similar scanner."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"It provides the security that is required from a solution for financial businesses."
"The stability is good."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Invicti takes too long with big applications, and there are issues with the login portal."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"The custom attack preparation screen might be improved."
"The scanner itself should be improved because it is a little bit slow."
"The solution could improve by having better consulting services."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"Technical support and the price could be better."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"A better design of the interface and add some new rules."
Invicti is ranked 20th in Application Security Tools with 25 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Invicti is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify on Demand, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.