We performed a comparison between Parasoft SOAtest and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Every imaginable source in the entire world of information technology can be accessed and used."
"They have a feature where they can record traffic and create tests on the report traffic."
"Automatic testing is the most valuable feature."
"Since the solution has both command line and automation options, it generates good reports."
"We have seen a return on investment."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"We consider it a handy tool that helps to resolve our issues immediately."
"It easily ties into our continuous integration pipeline."
"It provides the security that is required from a solution for financial businesses."
"The code coverage feature is very good."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"It has very good scalability and stability."
"From an automation point of view, it should have better clarity and be more user friendly."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Reporting facilities can be better."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"The summary reports could be improved."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The solution could improve by providing more advanced technologies."
"Expression of common vulnerabilities and exposures is not always current."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"The BPM language is important and should be considered in SonarQube."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews while SonarQube is ranked 1st in Static Application Security Testing (SAST) with 110 reviews. Parasoft SOAtest is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Parasoft SOAtest is most compared with Postman, Coverity, Polyspace Code Prover, Klocwork and ReadyAPI, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk. See our Parasoft SOAtest vs. SonarQube report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.