Try our new research platform with insights from 80,000+ expert users

Seeker vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Seeker
Average Rating
7.0
Reviews Sentiment
7.3
Number of Reviews
1
Ranking in other categories
Internet Security (18th), Mobile Threat Defense (14th), API Security (16th)
SonarQube Server (formerly ...
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Application Security Tools (1st), Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

Seeker and SonarQube Server (formerly SonarQube) aren’t in the same category and serve different purposes. Seeker is designed for Internet Security and holds a mindshare of 0.0%.
SonarQube Server (formerly SonarQube), on the other hand, focuses on Application Security Tools, holds 25.1% mindshare, down 26.9% since last year.
Internet Security
Application Security Tools
 

Featured Reviews

San K - PeerSpot reviewer
More effective than dynamic scanners, but is missing useful learning capabilities
One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"SonarQube is good for checking and maintaining code quality."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools."
 

Cons

"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"I have found this solution creates more noise than competitors."
"It would be better if SonarQube provided a good UI for external configuration."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"There are limitations to the free version that limit development options as far as languages."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"There needs to be a shareable reporting piece or something we can click and generate easily."
 

Pricing and Cost Advice

"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."
"We pay €10 per month for this solution, which is good. It provides a good value for money."
"Some of the plugins that were previously free are not free now."
"SonarQube is an open-source product that can be used free of charge."
"We did not purchase a license (required for C++ support), but this option was considered."
"I requested this license for one million lines of code and they accepted this."
"We use the solution free of cost."
"We are using the open-source community version, but there are enterprise licenses available."
"We're using the Community Edition, and we don't pay for anything."
report
Use our free recommendation engine to learn which Internet Security solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
22%
Computer Software Company
13%
Government
13%
Manufacturing Company
10%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

El Al Airlines and Société Française du Radiotelephone
Information Not Available
Find out what your peers are saying about Cisco, Zscaler, Forcepoint and others in Internet Security. Updated: April 2025.
848,716 professionals have used our research since 2012.