Try our new research platform with insights from 80,000+ expert users

SonarQube Server (formerly SonarQube) vs Synopsys Software Risk Manager comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
Synopsys Software Risk Manager
Ranking in Static Application Security Testing (SAST)
32nd
Average Rating
0.0
Number of Reviews
1
Ranking in other categories
Software Composition Analysis (SCA) (20th), Application Security Posture Management (ASPM) (4th)
 

Featured Reviews

Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…
Saravanan_Radhakrishnan - PeerSpot reviewer
Sep 27, 2023
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution.  Synopsys…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
"SonarQube is scalable. My company has 50 users."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"All the features of the solution are quite good."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"This solution has helped with the integration and building of our CICD pipeline."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"There isn't a very good enterprise report."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"Lacks sufficient visibility and documentation."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The pricing could be reduced a bit. It's a little expensive."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

"This product is open source and very convenient."
"I am satisfied with the pricing."
"A low cost long-term solution for non-critical situations."
"It's an open-source solution, with no additional costs."
"SonarQube is a cost-effective solution."
"I think comparing the product to competitors it should be less expensive."
"Some of the plugins that were previously free are not free now."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
Financial Services Firm
17%
Manufacturing Company
12%
Computer Software Company
12%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Synopsys Code Dx?
The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...
What is your experience regarding pricing and costs for Synopsys Code Dx?
I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...
What needs improvement with Synopsys Code Dx?
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer migh...
 

Also Known As

Sonar
Code Dx
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: October 2024.
814,528 professionals have used our research since 2012.