Try our new research platform with insights from 80,000+ expert users

Qualys Web Application Scanning vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

Qualys Web Application Scan...
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.8
Number of Reviews
35
Ranking in other categories
Application Security Tools (12th)
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of Qualys Web Application Scanning is 2.2%, down from 2.5% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

SubhajitAich - PeerSpot reviewer
Aug 25, 2023
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
We use the solution for multiple purposes, such as infrastructure vulnerability scanning and web application scanning Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box. Qualys Web Application Scanning is very complex to use,…
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"By using QualysGuard, we are able to finish external scans with assured results in half the time.​"
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"It works with many different products."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The solution can be installed locally."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"For what it is meant to do, it works pretty well."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The most valuable feature of SonarCloud is its overall performance."
 

Cons

"The pricing does not seem to be competitive."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."
"They should try to include business logic vulnerabilities in the scanner testing."
"The solution needs to adjust its pricing. They should make it more affordable."
"It should have better automatic reporting."
"The solution needs to improve its customization and flexibility."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"SonarCloud's UI needs enhancement."
"It would be helpful if notifications could go out to an extra person."
"We had some issues with the scanner."
"Reporting features are missing in SonarCloud."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
 

Pricing and Cost Advice

"From my perspective, it is a budget-friendly option."
"It is an expensive platform."
"I rate the software’s pricing a six out of ten."
"The product pricing is fair and reasonably priced."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"The product has a very good licensing model."
"We are on an annual license for the solution and the pricing could be more affordable."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The current pricing is quite cheap."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"I am using the free version of the solution."
"I rate the pricing a five out of ten."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
10%
Government
9%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
 

Also Known As

Qualys WAS
No data available
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Information Not Available
Find out what your peers are saying about Qualys Web Application Scanning vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: October 2024.
814,528 professionals have used our research since 2012.