Try our new research platform with insights from 80,000+ expert users

Rapid7 AppSpider vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
27th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Rapid7 AppSpider is 0.5%, down from 0.6% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 28.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Andrei Bigdan - PeerSpot reviewer
Useful vulnerability reporting data, flexible, and simple implementation
I have had some stability problems but it could be the Microsoft Windows operating system. I found that closing other applications helps with stability. It is helpful to have as much memory as possible, such as eight gigabytes. The more pages being processed the more resources you need. I rate the stability of Rapid7 AppSpider a nine out of ten.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It scans all the components developed within a web application."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The setup is usually straightforward."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The most valuable feature is the reporting, which is compliant with international standards."
"The solution is highly stable, rated at ten out of ten."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The initial setup is simple. It requires some security, but it's simple."
"Can tweak rules and feed them into our build pipelines."
"It is very good at identifying technical debt."
"Offers multi-programming language support"
"The product is simple."
"All the features of the solution are quite good."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"SonarQube's unit test coverage and exhaustive information at the module, project, and overall code repo levels are quite good."
 

Cons

"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The product should offer a GUI in Japanese and provide Japanese reports for end-users."
"Integration could be better."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"AppSpider has some problems with the RAM needed while scanning."
"Support response times are slow and can be improved."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"Dynamic scanning is missing and there are some issues with security scanning."
"Ease of use/interface."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"You may need to purchase add-ons to get the useability you desire."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
 

Pricing and Cost Advice

"The licensing cost depends on the number of users."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price is pretty fair."
"For the Community edition, there is no extra cost. It's totally free. The Enterprise edition, Data Center edition, and Developer edition are the paid versions."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
"I am satisfied with the pricing."
"The tool's pricing is reasonable."
"It's an open-source solution, with no additional costs."
"We're using their free Community Edition version."
"It is very expensive. Its price should be improved."
"The product’s price is lower than Veracode’s price."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
14%
Healthcare Company
8%
Government
8%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Rapid7 AppSpider?
The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate a...
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

AppSpider
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Microsoft
Information Not Available
Find out what your peers are saying about Rapid7 AppSpider vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.