We performed a comparison between SonarQube and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The initial setup is simple. It requires some security, but it's simple."
"Offers multi-programming language support"
"The product is simple."
"It is a very good tool for analysis despite its limitations."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"The solution offers a very good community edition."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"Tenable.io Web Application Scanning is very easy to use."
"The initial setup is straightforward."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"It is fully automated."
"The most effective feature of the product is the ability to scan the entire environment."
"The solution's instant reports feature is the most effective for detecting threats."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"The solution could improve by providing more advanced technologies."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The handling of the contents of Docker container images could be better."
"The BPM language is important and should be considered in SonarQube."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"The solution's dashboards could be improved and made more user-friendly."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The platform's technical support services could be better."
"It isn't easy to manage vulnerabilities in Tenable."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"It would be great if there were a dashboard that is more user-friendly."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
SonarQube is ranked 1st in Application Security Tools with 112 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. SonarQube is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and Invicti. See our SonarQube vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.