Polyspace Code Prover vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

Polyspace Code Prover
Ranking in Application Security Tools: 21st
Average Rating: 7.8
Number of Reviews: 6
Ranking in other categories: No ranking in other categories

SonarQube Server (formerly ...
Ranking in Application Security Tools: 1st
Average Rating: 8.0
Number of Reviews: 113
Ranking in other categories: Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Polyspace Code Prover is 1.0%, up from 0.7% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Pradeep Panchakarla - PeerSpot reviewer
Nov 29, 2023
A reliable solution that provides excellent features and detects memory corruption
We use the solution to check the runtime issues of our programming. The product runs the code based on our application loop and tries to find run time overflows of the variable and out-of-boundary memory issues. The product detects memory corruptions. It also detects undefined memory access and…
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code. When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The product detects memory corruptions."
"The outputs are very reliable."
"SonarQube's unit test coverage and exhaustive information at the module, project, and overall code repo levels are quite good."
"Any developer can easily identify issues using the process flow or steps provided by SonarQube. In terms of integration, SonarQube makes it quite easy, simplifying the steps for users."
"It is working fine. It provides a good value for money."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"The most valuable features are code scanning and Quality Gates."
"I like that it helps us maintain our work quality and code security."
 

Cons

"Using Code Prover on large applications crashes sometimes."
"The tool has some stability issues."
"Automation could be a challenge."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"The product's user documentation can be vastly improved."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
 

Pricing and Cost Advice

"We use the paid version."
"We use the solution free of cost."
"People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
"This solution is free."
"There are many different packages with different pricing options available. We are able to try what we have and if we need extra features we can upgrade the license."
"We are using the open-source community version, but there are enterprise licenses available."
"It's an open-source solution, with no additional costs."
"We're using their free Community Edition version."
"Can try developer version for 14 days on the free trial."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company: 37%
Computer Software Company: 13%
Transportation Company: 5%
Financial Services Firm: 4%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Polyspace Code Prover?
When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts,...
What needs improvement with Polyspace Code Prover?
I'm still trying to use constraints with range propagation, but I can't get it to work properly, and I haven't found any documentation. It requires support. There could be an issue with range propag...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Overview

 

Sample Customers

Alenia Aermacchi, CSEE Transport, Delphi Diesel Systems, EADS, Institute for Radiological Protection and Nuclear Safety, Korean Air, KOSTAL, Miracor, NASA Ames Research Center
Information Not Available
Find out what your peers are saying about Polyspace Code Prover vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.