What users are saying about

Acunetix vs SonarQube

Acunetix
7 Ratings
SonarQube
25 Ratings

Acunetix

7 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 6.8 out of 100

Based on 7 reviews and ratings

SonarQube

25 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.5 out of 100

Based on 25 reviews and ratings

Likelihood to Recommend

Acunetix

It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results. I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.

Read full review

Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
View all 1 answers on this topic

SonarQube

SonarQube has been well suited for us when new devleopers start working on our projects. With SonarQube checking code smells and our custom coding stardards, new developers write better code with less errors as outlined by our development standards.It is also very handy to have SonarQube built right into our continuous integration process. Doing it this way results in having less worry around whether our coding standards have been followed. They are automatically applied before code is checked in.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Pros

Acunetix

  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.

Read full review

Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
View all 1 answers on this topic

SonarQube

  • Core competency of static analysis. This is why SonarQube exists and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Cons

Acunetix

  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.

Read full review

Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
View all 1 answers on this topic

SonarQube

  • Have a way to ignore the issues that the team decides not to fix.

Read full review

Hung Vu | TrustRadius Reviewer
Hung Vu
View all 5 answers on this topic

Support Rating

Acunetix

No score
No answers yet
No answers on this topic

SonarQube

SonarQube 9.0
Based on 2 answers
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 2 answers on this topic

Alternatives Considered

Acunetix

Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.

Read full review

Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
View all 1 answers on this topic

SonarQube

Gitlab, if you have the right license, ships with a static analysis tool. It integrates better with Gitlab, but didn't seem to have the same quality output that Sonarqube did. Sonarqube's community version is plenty suitable for day to day analysis operations.

Read full review

Anonymous | TrustRadius Reviewer
Verified User
View all 5 answers on this topic

Return on Investment

Acunetix

  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.

Read full review

Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
View all 1 answers on this topic

SonarQube

  • It became easy to identify the bugs and issue generation.
  • It is open source thus saving money.
  • Enhances the code quality and standard.

Read full review

Sanyam Jain | TrustRadius Reviewer
Sanyam Jain
View all 5 answers on this topic

Screenshots

SonarQube

Pricing Details

Acunetix

General

Free Trial
Yes
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

SonarQube

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Add comparison