Acunetix and SonarQube Cloud both compete in the security testing domain. Acunetix has the upper hand in providing comprehensive security testing features during application runtime, while SonarQube Cloud excels in continuous code analysis and real-time feedback integration.
Features: Acunetix features an Interactive Application Security Testing module for detailed runtime vulnerability insights. Its flexible scan settings are easy to configure, offering robust reporting and quick, in-depth scans. SonarQube Cloud is efficient in continuous code analysis, detecting code vulnerabilities, and quality issues during development. It integrates seamlessly with version control systems, providing real-time feedback to developers.
Room for Improvement: Acunetix can enhance its IAST features and improve advanced configurations and dynamic testing, which can be hindered by false positives and complex scan setups. It also requires smoother manual replication and licensing adjustments. SonarQube Cloud needs better documentation and integration support for CI/CD pipelines, along with expanded customization and stronger reporting features to increase utility for larger organizations.
Ease of Deployment and Customer Service: Acunetix offers multiple deployment options, including on-premises and hybrid cloud, and provides responsive technical support, although some delays occur. It provides 24/7 support, appreciated by users. SonarQube Cloud, as a public cloud solution, simplifies deployment but has room to improve support responsiveness. Its ticket-based support has average response times impacting time-sensitive projects.
Pricing and ROI: Acunetix is perceived as expensive due to recent price increases and a complex licensing model based on the number of domains, though users report good ROI from improved security and risk reduction. SonarQube Cloud is considered more cost-effective, with pricing based on lines of code, providing good value for code quality improvements, though scaling costs may rise significantly.
It saves a significant amount of time by covering attack surfaces.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
The technical support from Invicti is very good and fast.
The technical support from Acunetix is quite good.
Integrating it into different solutions is straightforward.
The customer service and support for SonarQube Cloud are responsive and helpful.
There are limitations, and it seems to have fewer capabilities than Veracode.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
It is a quite stable solution.
From my team's feedback, it is almost an eight out of ten.
The support program was helpful in addressing it.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
To improve SonarQube Cloud (formerly SonarCloud), it should excel in all these domains.
SonarQube Cloud could improve its vulnerability detection compared to Veracode.
The pricing of Acunetix is pretty expensive and could be improved.
We secured a special licensing model for penetration testing companies, which is cost-effective.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
Its most valuable role is in enhancing security by identifying potential vulnerabilities efficiently.
I find it to be one of the most comprehensive tools, with support for manual intervention.
It is integrated easily with the CI/CD pipeline, saving time and cost.
I use SonarQube Cloud (formerly SonarCloud) to check the quality of developer code and identify vulnerabilities.
I find SonarQube Cloud very easy to use and simple to integrate initially.
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL injection, cross-site scripting, and other exploitable vulnerabilities.
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.