We performed a comparison between Rapid7 AppSpider and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The setup is usually straightforward."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The most valuable feature is the reporting, which is compliant with international standards."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It scans all the components developed within a web application."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"We have worked with the support from SonarQube and we have had good experiences."
"There is a free version."
"It is a very good tool for analysis and security vulnerability checking."
"This solution is simple to use and can be quickly deployed."
"If you want to have your code scanned and timed then this is a good tool."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"I like that it helps us maintain our work quality and code security."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"There are some glitches with stability, and it is an area for improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Support response times are slow and can be improved."
"AppSpider has some problems with the RAM needed while scanning."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The price of this solution is a little bit expensive."
"A better design of the interface, and some new rules."
"Monitoring is a feature that can be improved in the next version."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"In terms of analysis and findings, other tools provide more in-depth insights and detailed steps to mitigate or handle issues."
"The tool needs to be more compatible with the C/C++ language."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 112 reviews. Rapid7 AppSpider is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and PortSwigger Burp Suite Professional, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Rapid7 AppSpider vs. SonarQube report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.