
SonarQube Server (formerly SonarQube) vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

SonarQube Server (formerly ...
Ranking in Application Security Tools: 1st
Average Rating: 8.0
Number of Reviews: 113
Ranking in other categories: Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)

Tenable.io Web Application ...
Ranking in Application Security Tools: 23rd
Average Rating: 7.6
Number of Reviews: 15
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.3%, down from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code. When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…
Harshal Deshmukh - PeerSpot reviewer
Jul 12, 2024
Simple tool to use, good dashboard capabilities and offers asset criticality ratings
It's nice to work with because it gives good results for web application scanning according to OWASP Top 10 and NISC. It's also a very simple tool to use. It supports cybersecurity strategy. For me, it works. And I sell this tool to my customers, and they are also happy with it. It has good…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of this solution is that it is free."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"SonarQube is scalable. My company has 50 users."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation."
"SonarQube is admin friendly."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"The initial setup is straightforward."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The most effective feature of the product is the ability to scan the entire environment."
"The solution is stable."
"It has good unified web application scanning and exposure management."
"The solution's instant reports feature is the most effective for detecting threats."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
 

Cons

"The handling of the contents of Docker container images could be better."
"The product provides false reports sometimes."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"SonarQube could improve its static application security testing as per the industry standard."
"The pricing could be reduced a bit. It's a little expensive."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"SonarQube is not development-centric like Snyk."
"Sometimes it lags with different cloud environments."
"It isn't easy to manage vulnerabilities in Tenable."
"The dashboard could be more user-friendly."
"The reporting has a very limited customization capability."
"The platform's technical support services could be better."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"It would be great if there were a dashboard that is more user-friendly."
 

Pricing and Cost Advice

"We're using the Community Edition, and we don't pay for anything."
"The development license cost is reasonable, and we've had no concerns about SonarQube when it comes to cost."
"I requested this license for one million lines of code and they accepted this."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"I think comparing the product to competitors it should be less expensive."
"We are using the free, unlicensed version."
"Some of the plugins that were previously free are not free now."
"SonarQube is a cost-effective solution."
"I rate the product's pricing a four out of ten."
"It follows the same licensing scheme as Tenable.io and Tenable.sc."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"The pricing is okay."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%

Computer Software Company: 16%
Financial Services Firm: 13%
Government: 12%
Manufacturing Company: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
We would like some additional features. Sometimes it lags with different cloud environments. Private clouds are becoming more common, and the integration lags with those compared to AWS, Azure, or ...
What advice do you have for others considering Tenable.io Web Application Scanning?
Overall, I would rate it an eight out of ten. We deploy it for customers, and it's very easy to deploy. Some people are worried about the cost, but we try to sell it at a good rate, less than the o...
 

Also Known As

Sonar
No data available
 


Sample Customers

Information Not Available
IMDEX
Find out what your peers are saying about SonarQube Server (formerly SonarQube) vs. Tenable.io Web Application Scanning and other solutions. Updated: October 2024.