Try our new research platform with insights from 80,000+ expert users

Apiiro vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

Apiiro
Ranking in Static Application Security Testing (SAST)
21st
Average Rating
8.6
Number of Reviews
2
Ranking in other categories
Software Composition Analysis (SCA) (11th), API Security (7th), Software Supply Chain Security (8th), Risk-Based Vulnerability Management (13th), Application Security Posture Management (ASPM) (2nd)
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Featured Reviews

Ryan-Murphy - PeerSpot reviewer
Oct 31, 2023
A great secrets detection feature, good visibility, and integrates well
The biggest benefit of Apiiro for us was the visibility it gave us into our GitHub organization, which we didn't have much of before. The benefit of adding Apiiro early is that it would be integrated into our pipeline from the start. Since we have had some of our software products for many years, we would have to do a lot of cleaning up before integrating Apiiro into our developer workflow. Integrating Apiiro early allows us to stay ahead of the curve on security issues and address them as they arise, rather than having a huge backlog for developers to fix. Apiiro's ability to provide visibility into the risk of our application components is great. This was a selling feature for us. Apiiro was a less mature product a little over a year ago when they were still early on in their development. However, they have made fantastic advancements over the last year, which has given us much more visibility into that sort of thing. Apiiro has helped prevent business-critical risks by making recommendations based on what it thinks is a high or critical issue. I think it does a pretty good job at that, but those recommendations still need a manual review from us. In general, if Apiiro flags a critical issue, it is usually pretty close to identifying whether it is business-critical or not. It is something we should review, even if we end up downgrading it. Apiiro raises valid concerns, and I am happy that it does.
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The workflow automation is likely the best aspect of the solution."
"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The solution is stable."
"Before you even compile, it can catch known vulnerability issues or patterns."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"All the features of the solution are quite good."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"We consider it a handy tool that helps to resolve our issues immediately."
 

Cons

"User management is a little bit clunky."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"I am not very pleased with the technical debt computation."
"In terms of analysis and findings, other tools provide more in-depth insights and detailed steps to mitigate or handle issues."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"Currently requires multiple tools, lacking one overall tool."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"Depending on the tool's configuration, sometimes you get false alarms that are unimportant to you."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
 

Pricing and Cost Advice

Information not available
"I was using the Community Edition, which is available free of charge."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"We did not purchase a license (required for C++ support), but this option was considered."
"There are many different packages with different pricing options available. We are able to try what we have and if we need extra features we can upgrade the license."
"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It's is not clear if it is an annual fee or a one-off."
"We are using the open-source version, which is available free of cost."
"SonarQube is a cost-effective solution."
"It's an open-source solution, with no additional costs."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
22%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
9%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Apiiro?
Apiiro's secrets detection feature has saved us several times, which we appreciate greatly.
What is your experience regarding pricing and costs for Apiiro?
My understanding is the pricing is pretty competitive.
What needs improvement with Apiiro?
Apiiro recently integrated SaaS, and we would love to see them expand on that. They provide many integrations to different products, including SaaS products such as Snyk. Ideally, Apiiro would incl...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Apiiro Control Plane (ASOC), Apiiro API Security (SAST), Apiiro Open Source (SCA)
Sonar
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Morgan Stanley, Rakuten, Jack Henry, SoFi, Colgate, Navan
Information Not Available
Find out what your peers are saying about Apiiro vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.
814,528 professionals have used our research since 2012.