Try our new research platform with insights from 80,000+ expert users

CodeSonar vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

CodeSonar
Ranking in Application Security Tools
20th
Average Rating
8.2
Number of Reviews
7
Ranking in other categories
Static Code Analysis (5th)
HCL AppScan
Ranking in Application Security Tools
13th
Average Rating
7.8
Number of Reviews
42
Ranking in other categories
Static Application Security Testing (SAST) (12th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of CodeSonar is 1.2%, up from 0.8% compared to the previous year. The mindshare of HCL AppScan is 2.6%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Mathieu ALBRESPY - PeerSpot reviewer
Oct 31, 2022
Nice interface, quick to deploy, and easy to expand
This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.
Gladwin Christian - PeerSpot reviewer
Sep 29, 2023
A useful tool to scan applications that can be easily installed
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has been able to scale."
"There is nice functionality for code surfing and browsing."
"The tool is very good for detecting memory leaks."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"CodeSonar’s most valuable feature is finding security threats."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"Compared to other tools only AppScan supports special language."
"The solution is easy to use."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"We leverage it as a quality check against code."
"You can easily find particular features and functions through the UI."
 

Cons

"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"There could be a shared licensing model for the users."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"The scanning tool for core architecture could be improved."
"It was expensive."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"They have to improve support."
"They should have a better UI for dashboards."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"One thing which I think can be improved is the CI/CD Integration"
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"Many silly false positives are produced."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
 

Pricing and Cost Advice

"Our organization purchased a license to use the solution."
"The application’s pricing is high compared to other tools."
"The solution's price depends on the number of licenses needed and the source code for the project."
"Pricing is a bit costly."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"HCL AppScan is expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The solution is cheap."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The product has premium pricing and could be more competitive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
25%
Computer Software Company
14%
University
9%
Financial Services Firm
6%
Computer Software Company
18%
Financial Services Firm
14%
Manufacturing Company
11%
Government
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about CodeSonar?
CodeSonar’s most valuable feature is finding security threats.
What is your experience regarding pricing and costs for CodeSonar?
The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
What needs improvement with CodeSonar?
Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It wi...
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
What is your primary use case for HCL AppScan?
We use AppScan primarily for security testing and performance monitoring across our systems.
 

Also Known As

No data available
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

 

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about CodeSonar vs. HCL AppScan and other solutions. Updated: October 2024.
814,763 professionals have used our research since 2012.