Try our new research platform with insights from 80,000+ expert users

Fortify WebInspect vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify WebInspect
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd), DevSecOps (8th)
SonarQube Cloud (formerly S...
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
Static Application Security Testing (SAST) (10th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Fortify WebInspect is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 28.4%, down 34.1% compared to last year.
SonarQube Cloud (formerly SonarCloud), on the other hand, focuses on Static Application Security Testing (SAST), holds 7.0% mindshare, up 7.0% since last year.
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
 

Featured Reviews

Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Diego Moreo - PeerSpot reviewer
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."
"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The user interface is ok and it is very simple to use."
"The solution's technical support was very helpful."
"It is scalable and very easy to use."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The reports from SonarCloud are very good."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"For what it is meant to do, it works pretty well."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
 

Cons

"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"The scanner could be better."
"We have often encountered scanning errors."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"Creating reports is very slow and it is something that should be improved."
"One thing I would like to see them introduce is a cloud-based platform."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"The solution needs to improve its customization and flexibility."
"Reporting features are missing in SonarCloud."
"We had some issues with the scanner."
"SonarCloud's UI needs enhancement."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
 

Pricing and Cost Advice

"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"The price is okay."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"It’s a fair price for the solution."
"The pricing is not clear and while it is not high, it is difficult to understand."
"Fortify WebInspect is a very expensive product."
"This solution is very expensive."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"I am using the free version of the solution."
"I rate the pricing a five out of ten."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The current pricing is quite cheap."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
830,526 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
15%
Government
14%
Manufacturing Company
13%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Fortify WebInspect can be a bit expensive. However, considering its stability and reliability in meeting current standards, the cost is justified. Still, making the cost more affordable for multipl...
What needs improvement with Fortify WebInspect?
I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of...
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
 

Also Known As

Micro Focus WebInspect, WebInspect
No data available
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Aaron's
Information Not Available
Find out what your peers are saying about Fortify WebInspect vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: May 2022.
830,526 professionals have used our research since 2012.