We performed a comparison between SonarQube and Synopsys Defensics based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The stability is good."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"There is a free version."
"Provides local scanning for developers."
"The initial setup is simple. It requires some security, but it's simple."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The solution is stable."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"I would like to see dynamic code analysis in the next version of the software."
"The product must improve security analysis."
"Technical support and the price could be better."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
Earn 20 points
SonarQube is ranked 1st in Application Security Tools with 112 reviews while Synopsys Defensics is ranked 5th in Fuzz Testing Tools. SonarQube is rated 8.0, while Synopsys Defensics is rated 8.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Synopsys Defensics writes "Technical support provided protocol-specific documentation to prove that some positives were not false". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Synopsys Defensics is most compared with Snyk, Fortify on Demand, Invicti, HCL AppScan and PortSwigger Burp Suite Professional.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.