We performed a comparison between ShiftLeft and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"Strong code evaluation for budget-minded clients."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"SonarQube is good for checking and maintaining code quality."
"The overall quality of the indicator is good."
"I like that it covers most programming languages for source code review."
"The product has a friendly UI that is easy to use and understand."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"The product needs to integrate other security tools for security scanning."
"Expression of common vulnerabilities and exposures is not always current."
"I would like to see more options for security, beyond the basics like SQL injection."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"There are limitations to the free version that limit development options as far as languages."
"We did have some trouble with the LDAP integration for the console."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
ShiftLeft is ranked 26th in Application Security Tools with 1 review while SonarQube is ranked 1st in Application Security Tools with 110 reviews. ShiftLeft is rated 10.0, while SonarQube is rated 8.0. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". ShiftLeft is most compared with Black Duck and Semgrep Supply Chain, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.