We performed a comparison between Polyspace Code Prover and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The outputs are very reliable."
"The product detects memory corruptions."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"The most valuable features are the segregation containment and the suspension of product services."
"SonarQube is good for checking and maintaining code quality."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"It provides the security that is required from a solution for financial businesses."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"Using Code Prover on large applications crashes sometimes."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"The tool has some stability issues."
"Automation could be a challenge."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"Ease of use/interface."
"The solution could improve by providing more advanced technologies."
"I would like to see dynamic code analysis in the next version of the software."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"SonarQube is not development-centric like Snyk."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Polyspace Code Prover is rated 7.6, while SonarQube is rated 8.0. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Polyspace Code Prover is most compared with Coverity, Klocwork, CodeSonar, Parasoft SOAtest and GitLab, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Polyspace Code Prover vs. SonarQube report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.