GitGuardian Platform vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

GitGuardian Platform
Ranking in Application Security Tools
6th
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
9.0
Number of Reviews
24
Ranking in other categories
Data Loss Prevention (DLP) (6th), Software Supply Chain Security (4th), DevSecOps (4th)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of GitGuardian Platform is 0.4%, up from 0.2% the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% the previous year. Mindshare is calculated from PeerSpot user engagement data.
 

Featured Reviews

Joan Ging - PeerSpot reviewer
Mar 19, 2024
It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation
While they do offer some basic reporting, more comprehensive reporting would be beneficial in the long run. This would allow me to demonstrate the value of the product over time to continue to effectively budget for this subscription, especially as they add features that may come at an additional cost. I appreciate the improvements made to reporting over the past year, but continued development in this area will be appreciated. We have encountered occasional difficulties with the Single Sign-On process. There is room for improvement in its current implementation. It works, but was not quite as smooth as the rest of the GitGuardian experience.
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code. When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
"The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets."
"Presently, we find the pre-commit hooks more useful."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets."
"The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it."
"The most valuable feature is the general incident reporting system."
"It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller company and have never changed in size, but we got to the point where we felt the service brought us value, and we want to pay for it. We also wanted an SLA for technical support and whatnot, so we switched to a paid plan. Without that, they had a super-generous, free tier, and I was immensely impressed with it."
"The product has a friendly UI that is easy to use and understand."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"The most valuable function is its usability."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"The SonarQube dashboard looks great."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
 

Cons

"We have encountered occasional difficulties with the Single Sign-On process."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured."
"It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
"The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it."
"Right now, we are waiting for improvement in the RBAC support for GitGuardian."
"The tool needs to be more compatible with C/C++ language"
"The product's pricing could be lower."
"The product's user documentation can be vastly improved."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"The product provides false reports sometimes."
"Lacks sufficient visibility and documentation."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
 

Pricing and Cost Advice

"The internal side is cheap per user. It is annual pricing based on the number of users."
"You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
"I am only aware of the base price. I do not know what happened with our purchasing team in discussions with GitGuardian. I was not privy to the overall contract, but in terms of the base MSRP price, I found it reasonable."
"The pricing and licensing are fair. It isn't very expensive and it's good value."
"The pricing for GitGuardian is fair."
"It's not cheap, but it's not crazy expensive either."
"We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
"We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It's is not clear if it is an annual fee or a one-off."
"A low cost long-term solution for non-critical situations."
"This solution is free."
"The solution is cheaper than other products."
"It's an open-source solution, with no additional costs."
"We are using the open-source community version, but there are enterprise licenses available."
"I am satisfied with the pricing."
"Some of the plugins that were previously free are not free now."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 22%
Government: 10%
Media Company: 9%
Wholesaler/Distributor: 7%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitGuardian Internal Monitoring?
It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smal...
What needs improvement with GitGuardian Internal Monitoring?
We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories. Ideally, when a user contributes to a repository, they would be automatically...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

GitGuardian Internal Monitoring
Sonar
 

Sample Customers

Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
Information Not Available
Find out what your peers are saying about GitGuardian Platform vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.