Try our new research platform with insights from 80,000+ expert users

Cequence Security vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

Cequence Security
Ranking in Application Security Tools
25th
Average Rating
10.0
Reviews Sentiment
6.3
Number of Reviews
1
Ranking in other categories
Bot Management (5th), API Security (6th)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
113
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Cequence Security is 0.1%, down from 0.1% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

reviewer2395431 - PeerSpot reviewer
Detect and mitigate attacks with API protection
Compliance with standards like those in Europe often requires ensuring that APIs adhere to OAuth and other security protocols. Many organizations need to verify that their APIs meet these compliance requirements. We can include information about where an API was first recorded and create a detailed chart. Some competitors already offer this feature. It is simple to integrate. Overall, I rate the solution a ten out of ten.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It uses machine learning algorithms to detect attacks and manage API inventory."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"If you want to have your code scanned and timed then this is a good tool."
"We advise all of our developers to have this solution in place."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"There's plenty of documentation available to users."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
 

Cons

"It is expensive."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"The product needs to integrate other security tools for security scanning."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
 

Pricing and Cost Advice

Information not available
"My guess is that we have a yearly subscription. We use it quite extensively, so a monthly license wouldn't make sense. Yearly subscriptions are usually cheaper. In addition to the standard licensing fee, there is just the cost of running the hardware where it is hosted."
"The free version of SonarQube does everything that we need it to."
"Some of the plugins that were previously free are not free now."
"I was using the Community Edition, which is available free of charge."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
"The price of the solution could be reduced."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
823,875 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
8%
Educational Organization
6%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Cequence Security vs Jscrambler: What are the advantages and disadvantages of each?
From a Cequence perspective: There are several reasons to consider Cequence. First, we're an API security solution. We protect APIs that act as the glue that makes your applications work. Since API...
How does Cequence Security establish a baseline of normal application behavior and detect anomalies?
Cequence Security employs advanced machine learning and AI techniques to analyze the behavior of our applications in real-time. By continuously monitoring and processing data from user interactions...
What is Cequence Security's API Spartan and how can it help defend our company's infrastructure from bot attacks?
Cequence Security's behavior-based bot defense relies on the industry's largest threat database of bot behaviors, enabling users to track and block automated attacks with unparalleled efficacy rate...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Cequence ASP, Cequence Unified API Protection Platform
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

American Express, Lbrands, Ulta Beauty
Information Not Available
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: November 2024.
823,875 professionals have used our research since 2012.