Try our new research platform with insights from 80,000+ expert users

Fortify WebInspect vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Fortify WebInspect
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd), DevSecOps (9th)
SonarQube Cloud (formerly S...
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
11
Ranking in other categories
Static Application Security Testing (SAST) (10th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Fortify WebInspect is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 31.2%, down 33.7% compared to last year.
SonarQube Cloud (formerly SonarCloud), on the other hand, focuses on Static Application Security Testing (SAST), holds 6.8% mindshare, up 6.3% since last year.
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
 

Featured Reviews

Navin N - PeerSpot reviewer
Sep 16, 2024
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"It is scalable and very easy to use."
"The accuracy of its scans is great."
"The user interface is ok and it is very simple to use."
"Guided Scan option allows us to easily scan and share reports."
"It's a well-known platform for doing dynamic application scanning."
"The solution is easy to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The reports from SonarCloud are very good."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The most valuable feature of SonarCloud is its overall performance."
"The solution can be installed locally."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
 

Cons

"A localized version, for example, in Korean would be a big improvement to this solution."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"We have often encountered scanning errors."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"There are some file extensions, like .SER, that Fortify WebInspect doesn't scan."
"Not sufficiently compatible with some of our systems."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"Reporting features are missing in SonarCloud."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The solution needs to improve its customization and flexibility."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"SonarCloud's UI needs enhancement."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
 

Pricing and Cost Advice

"The price is okay."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"Fortify WebInspect is a very expensive product."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"It’s a fair price for the solution."
"This solution is very expensive."
"The pricing is not clear and while it is not high, it is difficult to understand."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"The current pricing is quite cheap."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"I rate the pricing a five out of ten."
"I am using the free version of the solution."
"While not extremely cheap, it aligns well with market standards and offers good value."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
16%
Government
14%
Manufacturing Company
13%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
Pricing depends on the deal and can vary. Smaller clients might find it challenging to afford Fortify WebInspect, while it is more suitable for medium to large enterprises. The OEMs tend to price s...
What needs improvement with Fortify WebInspect?
There are some file extensions, like .SER, that Fortify WebInspect doesn't scan. For these, we have to depend on other tools like GitHub scanners.
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
 

Also Known As

Micro Focus WebInspect, WebInspect
No data available
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Aaron's
Information Not Available
Find out what your peers are saying about Fortify WebInspect vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: May 2022.
814,528 professionals have used our research since 2012.