Qualys Web Application Scanning vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary (updated on Oct 30, 2024)
 

Categories and Ranking

Qualys Web Application Scan...
  Ranking in Application Security Tools: 12th
  Ranking in Static Application Security Testing (SAST): 11th
  Average Rating: 7.8
  Number of Reviews: 35
  Ranking in other categories: No ranking in other categories

SonarQube Server (formerly ...
  Ranking in Application Security Tools: 1st
  Ranking in Static Application Security Testing (SAST): 1st
  Average Rating: 8.0
  Number of Reviews: 113
  Ranking in other categories: Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

SubhajitAich - PeerSpot reviewer
Aug 25, 2023
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
We use the solution for multiple purposes, such as infrastructure vulnerability scanning and web application scanning. Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box. Qualys Web Application Scanning is very complex to use,…
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software code. We have integrated the product to review our new delivery code. When we deliver code, the solution scans it and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It scans web applications to identify vulnerabilities during deployment."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"It is a good product for website penetration testing to detect vulnerabilities."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"It is easy to use."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"It is a good deal compared to all other tools on the market."
"It is working fine. It provides a good value for money."
"The product is simple."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"All the features of the solution are quite good."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The software quality gate streamlines the product's quality."
 

Cons

"The scanner reports a lot of false positives, which is something that needs to be improved."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"We have many websites. We don't force scanning on all of them at once because it's taking some time."
"There could be better management and faster scanning."
"Deployment can be complicated."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"There are limitations to the free version that limit development options as far as languages."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"Currently requires multiple tools, lacking one overall tool."
"The tool needs to be more compatible with the C/C++ language."
"The product provides false reports sometimes."
"Lacks sufficient visibility and documentation."
 

Pricing and Cost Advice

"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
"It is an expensive platform."
"There are different options available with respect to licensing."
"Qualys WAS' pricing is competitive."
"I rate the software’s pricing a six out of ten."
"The product pricing is fair and reasonably priced."
"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
"We normally purchase an annual license."
"We did not purchase a license (required for C++ support), but this option was considered."
"The solution is cheaper than other products."
"We pay €10 per month for this solution, which is good. It provides a good value for money."
"For the Community edition, there is no extra cost. It's totally free. The Enterprise edition, Data Center edition, and Developer edition are the paid versions."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"I requested this license for one million lines of code and they accepted this."
"We are using the open-source version, which is available free of cost."
"We use the free version; there are no hidden costs or licensing required."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Qualys Web Application Scanning
  Computer Software Company: 16%
  Financial Services Firm: 15%
  Manufacturing Company: 10%
  Government: 9%

SonarQube Server (formerly SonarQube)
  Financial Services Firm: 17%
  Computer Software Company: 15%
  Manufacturing Company: 13%
  Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Qualys WAS
Sonar
 


Overview

 

Sample Customers

Qualys Web Application Scanning: BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
SonarQube Server (formerly SonarQube): Information Not Available
Find out what your peers are saying about Qualys Web Application Scanning vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.