Try our new research platform with insights from 80,000+ expert users

CodeSonar vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

CodeSonar
Ranking in Application Security Tools
22nd
Average Rating
8.2
Number of Reviews
7
Ranking in other categories
Static Code Analysis (6th)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of CodeSonar is 1.2%, up from 0.8% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Mathieu ALBRESPY - PeerSpot reviewer
Oct 31, 2022
Nice interface, quick to deploy, and easy to expand
This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"CodeSonar’s most valuable feature is finding security threats."
"The tool is very good for detecting memory leaks."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"It has been able to scale."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"There is nice functionality for code surfing and browsing."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"There's plenty of documentation available to users."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"It has very good scalability and stability."
"This solution is simple to use and can be quickly deployed."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
 

Cons

"There could be a shared licensing model for the users."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"It was expensive."
"The scanning tool for core architecture could be improved."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"It would be better if SonarQube provided a good UI for external configuration."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"In terms of analysis and findings, other tools provide more in-depth insights and detailed steps to mitigate or handle issues."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
 

Pricing and Cost Advice

"The solution's price depends on the number of licenses needed and the source code for the project."
"The application’s pricing is high compared to other tools."
"Our organization purchased a license to use the solution."
"Pricing is a bit costly."
"We use the tool's community edition."
"We are using the Community edition of SonarQube."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
"People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"The licence is standard open source licensing"
"I am satisfied with the pricing."
"SonarQube price is a little bit higher than Kiuwan's. Kiuwan also gives a little bit of flexibility in terms of pricing."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
24%
Computer Software Company
15%
University
9%
Financial Services Firm
6%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about CodeSonar?
CodeSonar’s most valuable feature is finding security threats.
What is your experience regarding pricing and costs for CodeSonar?
The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
What needs improvement with CodeSonar?
Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It wi...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
Information Not Available
Find out what your peers are saying about CodeSonar vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.
814,528 professionals have used our research since 2012.