Try our new research platform with insights from 80,000+ expert users

SonarQube Server (formerly SonarQube) vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
Tenable.io Web Application ...
Ranking in Application Security Tools
20th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
17
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of SonarQube Server (formerly SonarQube) is 25.1%, down from 26.9% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.2%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.
Harshal Deshmukh - PeerSpot reviewer
Simple tool to use, good dashboard capabilities and offers asset criticality ratings
It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"It is a very good tool for analysis despite its limitations."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"The product has a friendly UI that is easy to use and understand."
"The static code analysis is very good."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"The solution's user interface is very user-friendly."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The solution is stable."
"I would recommend Tenable.io Web Application Scanning to others."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"It has good unified web application scanning and exposure management."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"We can get detailed information about vulnerabilities."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
 

Cons

"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"Currently requires multiple tools, lacking one overall tool."
"I would like to see dynamic code analysis in the next version of the software."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"The tool needs to be more compatible with C/C++ language"
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."
"The reporting has a very limited customization capability."
"Sometimes it lags with different cloud environments."
"The platform's technical support services could be better."
"It isn't easy to manage vulnerabilities in Tenable."
 

Pricing and Cost Advice

"We use the solution free of cost."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"We're using the Community Edition, and we don't pay for anything."
"I am satisfied with the pricing."
"SonarQube is a cost-effective solution."
"It's an open-source solution, with no additional costs."
"Compared to similar solutions, SonarQube was more accessible to us and had more benefits, with regards to size of the code base and supported languages. Apart from the Enterprise licensing fee, there are no additional costs."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
"I rate the product's pricing a four out of ten."
"The pricing is okay."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"Tenable.io Web Application Scanning is expensive for small businesses."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
Financial Services Firm
14%
Computer Software Company
13%
Government
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine. This is one key area for improvement.
What advice do you have for others considering Tenable.io Web Application Scanning?
I would recommend Tenable.io Web Application Scanning to others. I rate the overall solution a nine out of ten.
 

Also Known As

Sonar
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
IMDEX
Find out what your peers are saying about SonarQube Server (formerly SonarQube) vs. Tenable.io Web Application Scanning and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.