Try our new research platform with insights from 80,000+ expert users

CodeSonar vs HCL AppScan comparison

CodeSecure and HCLSoftware are both solutions in the Application Security Tools category. CodeSecure is ranked #34 with an average rating of 7.0, while HCLSoftware is ranked #14 with an average rating of 7.9. CodeSecure holds a 1.4% mindshare in AS, compared to HCLSoftware ’s 2.6% mindshare. Additionally, 87% of CodeSecure users are willing to recommend the solution, compared to 83% of HCLSoftware users who would recommend it.
CodeSonar
Read 7 CodeSonar reviews
  • 1,855 Views
  • 1,189 Comparison Views
87% willing to recommend
HCL AppScan
Read 43 HCL AppScan reviews
  • 3,792 Views
  • 2,867 Comparison Views
83% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

HCL AppScan and CodeSonar are leading solutions in the application security sector. While both offer unique advantages, CodeSonar seems to have an edge in advanced analysis capabilities.

Features: HCL AppScan offers comprehensive security testing abilities and robust integration options. It is also recognized for providing extensive security features. CodeSonar is noted for its deep static analysis, support for large codebases, and the ability to identify complex code vulnerabilities.

Room for Improvement: HCL AppScan users suggest enhancements in usability, performance speed, and intuitive design. CodeSonar reviews mention the need for improved reporting outputs, expanded language support, and greater programming language compatibility.

Ease of Deployment and Customer Service: HCL AppScan is praised for straightforward deployment and efficient customer service. CodeSonar offers detailed support and customization options, though its deployment can be complex, requiring more initial investment.

Pricing and ROI: HCL AppScan has an accessible initial setup cost with a satisfactory ROI, owing to its feature set. CodeSonar, with a higher initial cost, provides significant long-term ROI for complex projects where intricate static analysis is crucial, making its pricing worthwhile.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed CodeSonar vs. HCL AppScan Report (Updated: April 2025).
Buyer's Guide
CodeSonar vs. HCL AppScan
April 2025
Download the complete report
Helped 846,617 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CodeSonar
Ranking in Application Security Tools
34th
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
7
Ranking in other categories
Static Code Analysis (8th)
HCL AppScan
Ranking in Application Security Tools
14th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
43
Ranking in other categories
Static Application Security Testing (SAST) (10th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of CodeSonar is 1.4%, up from 0.9% compared to the previous year. The mindshare of HCL AppScan is 2.6%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Mathieu ALBRESPY - PeerSpot reviewer
Nice interface, quick to deploy, and easy to expand
This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.
Read full review
Rishi Anupam - PeerSpot reviewer
A stable and scalable scanning solution with good reporting feature
The solution is used for the vulnerabilities scan on the network side The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There is nice functionality for code surfing and browsing."
"It has been able to scale."
"The tool is very good for detecting memory leaks."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"CodeSonar’s most valuable feature is finding security threats."
"The UI was very intuitive."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"I like the recording feature."
"The solution is cheap."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The security and the dashboard are the most valuable features."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"We use it as a security testing application."
More HCL AppScan pros
 

Cons

"It was expensive."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"The scanning tool for core architecture could be improved."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"There could be a shared licensing model for the users."
"The pricing has room for improvement."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"Many silly false positives are produced."
"There is not a central management for static and dynamic."
"AppScan needs to improve its handling of false positives."
"​IBM Security AppScan Source is rather hard to use​."
"They could add a software component analysis tool."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
More HCL AppScan cons
 

Pricing and Cost Advice

"The application’s pricing is high compared to other tools."
"The solution's price depends on the number of licenses needed and the source code for the project."
"Pricing is a bit costly."
"Our organization purchased a license to use the solution."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The price is very expensive."
"The solution is moderately priced."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The tool was expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The solution is cheap."
More HCL AppScan pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
846,617 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
25%
Computer Software Company
12%
University
9%
Financial Services Firm
6%
Computer Software Company
18%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about CodeSonar?
CodeSonar’s most valuable feature is finding security threats.
See all answers
What is your experience regarding pricing and costs for CodeSonar?
The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
See all answers
What needs improvement with CodeSonar?
Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It wi...
See all answers
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
See all answers
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
See all answers
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs CodeSonar Logo
SonarQube Server (formerly SonarQube) vs CodeSonar
Compared 61% of the time
Coverity vs CodeSonar Logo
Coverity vs CodeSonar
Compared 21% of the time
Polyspace Code Prover vs CodeSonar Logo
Polyspace Code Prover vs CodeSonar
Compared 8% of the time
Klocwork vs CodeSonar Logo
Klocwork vs CodeSonar
Compared 2% of the time
Understand vs CodeSonar Logo
Understand vs CodeSonar
Compared 2% of the time
More CodeSonar Competitors
Acunetix vs HCL AppScan Logo
Acunetix vs HCL AppScan
Compared 15% of the time
SonarQube Server (formerly SonarQube) vs HCL AppScan Logo
SonarQube Server (formerly SonarQube) vs HCL AppScan
Compared 12% of the time
Veracode vs HCL AppScan Logo
Veracode vs HCL AppScan
Compared 10% of the time
Fortify on Demand vs HCL AppScan Logo
Fortify on Demand vs HCL AppScan
Compared 8% of the time
OWASP Zap vs HCL AppScan Logo
OWASP Zap vs HCL AppScan
Compared 8% of the time
More HCL AppScan Competitors
 

Product Reports

Buyer's Guide
Application Security Tools
April 2025
CodeSonar reportDownload CodeSonar product report
Buyer's Guide
HCL AppScan
April 2025
HCL AppScan reportDownload HCL AppScan product report
 

Also Known As

No data available
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

CodeSecure

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

HCLSoftware
 

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Buyer's Guide
CodeSonar vs. HCL AppScan
April 2025
Free Report: CodeSonar vs. HCL AppScan
Find out what your peers are saying about CodeSonar vs. HCL AppScan and other solutions. Updated: April 2025.
DOWNLOAD NOW
846,617 professionals have used our research since 2012.
See our CodeSonar vs. HCL AppScan report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.