Try our new research platform with insights from 80,000+ expert users

SonarQube Cloud (formerly SonarCloud) vs Synopsys API Security Testing comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
8th
Average Rating
8.2
Reviews Sentiment
6.6
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Synopsys API Security Testing
Ranking in Static Application Security Testing (SAST)
39th
Average Rating
7.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of SonarQube Cloud (formerly SonarCloud) is 6.6%, down from 6.7% compared to the previous year. The mindshare of Synopsys API Security Testing is 0.1%, down from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Archana Verma - PeerSpot reviewer
Provides valuable insights on code vulnerabilities and integrates seamlessly with CI/CD pipelines
I find SonarQube Cloud to be very user-friendly with an easy-to-use interface. It provides detailed code smell reports and insights on hotspots, which can later represent security vulnerabilities. It gives precise reports compared to Coverity and has a slightly lower number of false positives. It is integrated easily with the CI/CD pipeline, saving time and cost. It provides information on upcoming vulnerability details and loopholes that might turn into vulnerabilities.
UmarQureshi - PeerSpot reviewer
Useful threat vectors, beneficial results, but implementation needed support
We are using Synopsys API Security Testing for scanning APIs for risks and vulnerabilities and to understand our posture before deployment within our business The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares. I have been…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I find SonarQube Cloud very easy to use and simple to integrate initially."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"It is the best product we use for easy integration into YAML pipelines for scanning."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"The most valuable feature of SonarCloud is its overall performance."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."
 

Cons

"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The UI can be improved."
"SonarQube Cloud needs improvements in dynamic code analysis. Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels."
"I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture. Currently, to achieve our expectations, we have to use more than one product, as some products excel at scanning for vulnerabilities but are poor at checking code quality."
"SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"Reporting features are missing in SonarCloud."
"The UI can be improved. Additionally, in future updates, I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs."
"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."
 

Pricing and Cost Advice

"The current pricing is quite cheap."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"I rate the pricing a five out of ten."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"I am using the free version of the solution."
Information not available
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
848,253 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
11%
Manufacturing Company
10%
Insurance Company
5%
Computer Software Company
23%
Financial Services Firm
20%
Manufacturing Company
15%
Insurance Company
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
From what I understand, SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
What needs improvement with SonarCloud?
SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode.
Ask a question
Earn 20 points
 

Interactive Demo

Demo not available
 

Overview

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: April 2025.
848,253 professionals have used our research since 2012.