Try our new research platform with insights from 80,000+ expert users

GitHub Advanced Security vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitHub Advanced Security
Ranking in Application Security Tools
11th
Average Rating
8.6
Reviews Sentiment
7.6
Number of Reviews
9
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of GitHub Advanced Security is 8.6%, up from 2.8% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 25.1%, down from 26.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sabna Sainudeen - PeerSpot reviewer
Seamlessly integrates into developer environment for streamlined code scanning
GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner. There are features in GitHub Advanced Security that cannot be used within Microsoft, which is strange since they are the same company. It should also focus on developing a software bill of materials (SBOM) to see all open software used in one place.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have not experienced any performance or stability issues with GitHub Advanced Security."
"GitHub Advanced Security is a very developer-friendly solution that is integrated within my development environment."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"GitHub Advanced Security uses artificial intelligence in the backend, specifically CodeQL, to analyze code and provide fewer but more reliable findings, so there are less false positives."
"Dependency scanning is a valuable feature."
"The initial setup was straightforward and completed in a matter of minutes."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"This solution is simple to use and can be quickly deployed."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"It provides the security that is required from a solution for financial businesses."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"It is a very good tool for analysis and security vulnerability checking."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
 

Cons

"The customizations are a little bit difficult."
"Maybe make it compatible with more programming languages. Have a customized ruleset where the end-user can create their own rules for scanning."
"For GitHub Advanced Security, I would like to see more support for various programming languages."
"GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"Open-source security vulnerabilities are not getting updated in a timely manner."
"There could be DST features included in the product."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"Currently requires multiple tools, lacking one overall tool."
"There are limitations to the free version that limit development options as far as languages."
"The reporting can be improved."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"SonarQube is not development-centric like Snyk."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
 

Pricing and Cost Advice

"The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth."
"The solution is expensive."
"On the pricing side, it's 3,000 Euros for 1 million lines of code."
"The solution is cheaper than other products."
"This product is open source and very convenient."
"The price point on SonarQube is good."
"It's a bit expensive for us. The currency rate of the dollar is a problem but it may be fine for other countries."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It's is not clear if it is an annual fee or a one-off."
"The tool's pricing is reasonable."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
12%
Manufacturing Company
8%
Government
7%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub Advanced Security?
It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part.
What needs improvement with GitHub Advanced Security?
GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner. There are ...
What is your primary use case for GitHub Advanced Security?
I use GitHub Advanced Security for source code analysis and code scanning. It is integrated within my development environment and is beneficial for organizations where all development is within Git...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Interactive Demo

Demo not available
 

Overview

Find out what your peers are saying about GitHub Advanced Security vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.