Try our new research platform with insights from 80,000+ expert users

SonarQube Server (formerly SonarQube) vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
Tenable.io Web Application ...
Ranking in Application Security Tools
20th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
17
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of SonarQube Server (formerly SonarQube) is 25.1%, down from 26.9% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.2%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.
Harshal Deshmukh - PeerSpot reviewer
Simple tool to use, good dashboard capabilities and offers asset criticality ratings
It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"SonarQube is good for checking and maintaining code quality."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The most valuable features are code scanning and Quality Gates."
"The SonarQube dashboard looks great."
"We have worked with the support from SonarQube and we have had good experiences."
"I like that it covers most programming languages for source code review."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"Tenable.io Web Application Scanning provides a detailed report, identifying functions that are complex and need to be more maintainable and readable."
"It is fully automated."
"I would recommend Tenable.io Web Application Scanning to others."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"The solution's instant reports feature is the most effective for detecting threats."
"We can get detailed information about vulnerabilities."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
 

Cons

"The solution could improve by having better-consulting services."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"I would like to see dynamic code analysis in the next version of the software."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"SonarQube is not development-centric like Snyk."
"The report customization needs to be better."
"The dashboard could be more user-friendly."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."
"The solution's dashboards could be improved and made more user-friendly."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"It isn't easy to manage vulnerabilities in Tenable."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
 

Pricing and Cost Advice

"We are using the free, unlicensed version."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"It's a bit expensive for us. The currency rate of the dollar is a problem but it may be fine for other countries."
"My guess is that we have a yearly subscription. We use it quite extensively, so a monthly license wouldn't make sense. Yearly subscriptions are usually cheaper. In addition to the standard licensing fee, there is just the cost of running the hardware where it is hosted."
"I use the full trial version of SonarQube."
"SonarQube is a fairly affordable solution for a larger scale if you have a specific role or specific department for secure code."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"We use the solution free of cost."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"The pricing is okay."
"I rate the product's pricing a four out of ten."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"Tenable.io Web Application Scanning is expensive for small businesses."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
Financial Services Firm
14%
Computer Software Company
13%
Government
12%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
Improvements could include providing coverage reports in the free version and features related to security reports. Also, enhancing technical support would be beneficial as there is room for improv...
What advice do you have for others considering Tenable.io Web Application Scanning?
I would recommend Tenable.io Web Application Scanning as it provides us with good reports, which help improve our code base, despite the lack of financial benefits. Overall, I would rate it seven o...
 

Also Known As

Sonar
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
IMDEX
Find out what your peers are saying about SonarQube Server (formerly SonarQube) vs. Tenable.io Web Application Scanning and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.