Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs SonarQube Cloud (formerly SonarCloud) comparison

HCLSoftware and Sonar are both solutions in the Static Application Security Testing (SAST) category. HCLSoftware is ranked #12 with an average rating of 8.0, while Sonar is ranked #10 with an average rating of 8.6. HCLSoftware holds a 2.8% mindshare in SAST, compared to Sonar’s 6.8% mindshare. Additionally, 82% of HCLSoftware users are willing to recommend the solution, compared to 100% of Sonar users who would recommend it.
HCL AppScan
Read 42 HCL AppScan reviews
  • 4,804 Views
  • 3,692 Comparison Views
82% willing to recommend
SonarQube Cloud (formerly S...
Read 11 SonarQube Cloud (formerly SonarCloud) reviews
  • 10,719 Views
  • 8,536 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 30, 2024

HCL AppScan and SonarQube Cloud are competing tools in software security and code quality analysis. HCL AppScan seems to have the upper hand in security testing capabilities, offering robust vulnerability scanning, while SonarQube Cloud is favored for comprehensive code quality analysis and seamless integration with development workflows.

Features: HCL AppScan offers detailed vulnerability scanning and compliance solutions, supporting a wide range of programming languages. Its security insights are granular, making it flexible for various needs. SonarQube Cloud provides deep code quality checks with integration into CI/CD pipelines. It offers insightful code metrics and a user-friendly dashboard to track code quality over time.

Room for Improvement: HCL AppScan could improve its integration with agile development workflows and reduce its deployment complexity. It may also work on minimizing false positives to enhance user experience. SonarQube Cloud can offer better documentation for integration, improve performance for large enterprises, and refine its handling of false positives to increase trust.

Ease of Deployment and Customer Service: HCL AppScan offers a traditional deployment model, which might require more time to learn but is adaptable to specific enterprise needs. Its customer service is accessible and comprehensive. SonarQube Cloud's deployment is cloud-based, allowing for simplicity and quick setup, renowned for its agility in agile development environments.

Pricing and ROI: HCL AppScan generally has higher upfront costs reflecting its enterprise-level features, offering high ROI in security-focused environments. SonarQube Cloud provides flexible pricing and significant ROI by improving code quality and reducing technical debt, making it a cost-effective option for budget-conscious teams.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed HCL AppScan vs. SonarQube Cloud (formerly SonarCloud) Report (Updated: October 2024).
Buyer's Guide
HCL AppScan vs. SonarQube Cloud (formerly SonarCloud)
October 2024
Download the complete report
Helped 814,528 peers since 2012
 

Categories and Ranking

HCL AppScan
Ranking in Static Application Security Testing (SAST)
12th
Average Rating
7.8
Number of Reviews
42
Ranking in other categories
Application Security Tools (13th), Dynamic Application Security Testing (DAST) (1st)
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of HCL AppScan is 2.8%, up from 2.9% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Gladwin Christian - PeerSpot reviewer
Sep 29, 2023
A useful tool to scan applications that can be easily installed
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.
Read full review
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is easy to use."
"The static scans are good, and the SaaS as well."
"The product has valuable features for static and dynamic testing."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"The most valuable feature of the solution is the scanning or security part."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
More HCL AppScan pros
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The most valuable feature of SonarCloud is its overall performance."
"For what it is meant to do, it works pretty well."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution can be installed locally."
More SonarQube Cloud (formerly SonarCloud) pros
 

Cons

"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"The pricing has room for improvement."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"It has crashed at times."
More HCL AppScan cons
"The solution needs to improve its customization and flexibility."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"It would be helpful if notifications could go out to an extra person."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"We had some issues with the scanner."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"Reporting features are missing in SonarCloud."
"SonarCloud's UI needs enhancement."
More SonarQube Cloud (formerly SonarCloud) cons
 

Pricing and Cost Advice

"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"Our clients are willing to pay the extra money. It is expensive."
"The solution is cheap."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The price is very expensive."
"The product has premium pricing and could be more competitive."
More HCL AppScan pricing and cost advice
"I am using the free version of the solution."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"I rate the pricing a five out of ten."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The current pricing is quite cheap."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
See all answers
What needs improvement with HCL AppScan?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
See all answers
What is your primary use case for HCL AppScan?
We use AppScan primarily for security testing and performance monitoring across our systems.
See all answers
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
See all answers
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
See all answers
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
See all answers
 

Comparisons

Acunetix vs HCL AppScan Logo
Acunetix vs HCL AppScan
Compared 14% of the time
SonarQube Server (formerly SonarQube) vs HCL AppScan Logo
SonarQube Server (formerly SonarQube) vs HCL AppScan
Compared 13% of the time
Veracode vs HCL AppScan Logo
Veracode vs HCL AppScan
Compared 11% of the time
Fortify on Demand vs HCL AppScan Logo
Fortify on Demand vs HCL AppScan
Compared 8% of the time
PortSwigger Burp Suite Professional vs HCL AppScan Logo
PortSwigger Burp Suite Professional vs HCL AppScan
Compared 7% of the time
More HCL AppScan Competitors
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud) Logo
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud)
Compared 73% of the time
Veracode vs SonarQube Cloud (formerly SonarCloud) Logo
Veracode vs SonarQube Cloud (formerly SonarCloud)
Compared 8% of the time
Checkmarx One vs SonarQube Cloud (formerly SonarCloud) Logo
Checkmarx One vs SonarQube Cloud (formerly SonarCloud)
Compared 4% of the time
GitLab vs SonarQube Cloud (formerly SonarCloud) Logo
GitLab vs SonarQube Cloud (formerly SonarCloud)
Compared 4% of the time
Kiuwan vs SonarQube Cloud (formerly SonarCloud) Logo
Kiuwan vs SonarQube Cloud (formerly SonarCloud)
Compared 0% of the time
More SonarQube Cloud (formerly SonarCloud) Competitors
 

Product Reports

Buyer's Guide
HCL AppScan
October 2024
HCL AppScan reportDownload HCL AppScan product report
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
October 2024
SonarQube Cloud (formerly SonarCloud) reportDownload SonarQube Cloud (formerly SonarCloud) product report
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Learn More

HCLSoftware
Sonar
 

Interactive Demo

Demo not available
HCLSoftware
Sonar
 

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.

SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.

What are the key features of SonarQube Cloud?
  • Vulnerability Detection: Identifies potential security threats within code.
  • Security Hotspots: Highlights sections of the code that require closer inspection.
  • Feedback on Feature Branches: Enables early detection and resolution of quality issues.
  • No Maintenance: Ensures focus remains on development rather than tool upkeep.
  • Mono and Multi-Reports: Offers diverse insights into code quality.
What benefits should users look for?
  • Integration Ease: Seamlessly connects with popular development platforms.
  • Continuous Code Analysis: Provides consistent feedback to improve code standards.
  • Unified Quality View: Dashboard offers a comprehensive look at code metrics.
  • Security Insights: Detailed information on vulnerabilities and their impact.

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Information Not Available
Buyer's Guide
HCL AppScan vs. SonarQube Cloud (formerly SonarCloud)
October 2024
Free Report: HCL AppScan vs. SonarQube Cloud (formerly SonarCloud)
Find out what your peers are saying about HCL AppScan vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,528 professionals have used our research since 2012.
See our HCL AppScan vs. SonarQube Cloud (formerly SonarCloud) report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.