What users are saying about
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
45 Ratings
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.6 out of 100

SonarQube

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
45 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100

Likelihood to Recommend

Netsparker

Netsparker is very thorough but can take a very long time to scan a web application. It can also take a long time to learn and configure. Its thoroughness is a very good part of the product but if the application does [not] need this thoroughness it is probably a waste of time to run Netsparker on the website.
Glenn Jones | TrustRadius Reviewer

SonarQube

SonarQube has a friendly UI that is easy to use and understand. The admin's control panel is very good and It's not really difficult to get through the settings. Its possible to build many rules that apply for each programming language, for example, .NET, and Java. You can easily set up rules and even with the community version. It's a great tool but you have to have a good project plan before being introduced to the tools. I would recommend using the SonarQube open-source version to get used to it before purchasing the license. Before we go with an enterprise product, we have to know the terms and how things are done to run software quality
Debobrata Bose | TrustRadius Reviewer

Pros

Netsparker

  • NetSparker has excellent customer service. When our team had to learn to use it for the first time, we had to communicate directly with NetSparker consultants.
  • NetSparker is very user-friendly. It's UI is organized and keeps all the different scans we have set-up in a very clean visual.
  • Netsparker has a selection of workflows and integration tools that make it useful for keeping all of my teammates on the same page.
Jatel Desai | TrustRadius Reviewer

SonarQube

  • Best thing about it is that it offers an online instance (SonarCloud) where we can dry run an open source project by forking a github repository
  • Provides detailed analysis of the stacks that it checks for bugs and issues in code stacks.
  • Provides a good amount of documentation on how for configuration and installation and how to use it.
  • Provides a strong integration with azure devops and jenkins for creating DSL pipelines.
Arush Soel | TrustRadius Reviewer

Cons

Netsparker

  • Netsparker Cloud is expensive and restricts the number of website URLs that you are allowed to scan. This restricts us from scanning all of the websites that we create and only allows us to scan a small subset of number of the website we produce.
  • Netsparker is difficult to configure and I often need to open a ticket with support to figure out how to use the product. I have been vulnerability testing websites for over 10 years and I still don't think I really know how to use Netsparker.
  • Netsparker can take a very long time to complete a scan due to the number of items it can scan for. Be certain to reduce the technologies that your scan will be looking at. Also, expect a large website to possibly take over two days to complete. Not something you really want to have happen on a developer checking on some source code.
Glenn Jones | TrustRadius Reviewer

SonarQube

  • Local dashboard wont work without java installed on your machine
  • If talking about the local ui the configuration may be quite complex. Needs an experts advise
  • Its enterprise edition cost a fortune depending on a company size or users that may use it.
Arush Soel | TrustRadius Reviewer

Support Rating

Netsparker

Netsparker 10.0
Based on 2 answers
NetSparker support is amazing. When first introducing this software to the team, there was a lot of communication going on between Netsparker consultants and our team. They have answered our questions very efficiently and have had consultants come to our department for training. They are open to suggestions for improvements and enhancements as well.
Jatel Desai | TrustRadius Reviewer

SonarQube

SonarQube 9.0
Based on 2 answers
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Anonymous | TrustRadius Reviewer

Alternatives Considered

Netsparker

I currently use OWASP ZAP, Burp Suite Professional and Veracode Dynamic Scan. ZAP is very easy to use and the web developers use it regularly. Burp Suite is very customizable as is Netsparker but usually take much less time to scan a website. Both of these tools are programmable and allow me to add special items to a scan when I need it. They are also much better documented. Veracode also has a static code analysis tool that we use much more often then the dynamic analysis tool but we do use both parts of Veracode.
Glenn Jones | TrustRadius Reviewer

SonarQube

I personally evaluated klocwork in a previous company and it worked well for Static Code Analysis for C++ applications but the Java support was not as good as SonarQube. Also the overall tooling and integrations provided by SonarQube is stellar and very other competitors can provide such services and IDE integrations.The output results from SonarQube tests can be easily read, including by other services for automation purposes, and creating reports for audits or other teams is nice and easy.
Daniel Anjos | TrustRadius Reviewer

Return on Investment

Netsparker

  • NetSparker has saved the team a lot of time since the scans quicker than our older software.
  • NetSparker has been costing the company a lot compared to previous security software.
  • Netsparker has helped improved our overall business objectives by finding an efficient and collaborative way to run scans on our systems.
Jatel Desai | TrustRadius Reviewer

SonarQube

  • Our business has shifted to do more business online. This in turn has placed more importance on writing solid business critical applications. SonarQube has forced all developers to write better code and to have better code coverage with unit tests.
  • A negative impact has been seen when SonarQube has been applied for the first time to existing applications. If an application did not have enough code coverage and SonarQube was added to the continuous integration process, a lot of time was needed to get code coverage high enough to allow code to be checked in. We only found that out during the check-in process. We thought we were done development during the check-in process but then found out that there wasn't enough code coverage and had to delay the feature launch.
Anonymous | TrustRadius Reviewer

Screenshots

Pricing Details

Netsparker

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Starting Price

Netsparker Editions & Modules

Additional Pricing Details

SonarQube

General

Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
No

Starting Price

$0

SonarQube Editions & Modules

Edition
CommunityFree
Developer EDITIONStarts at $1502
Enterprise EDITIONStarts at $20,0003
Data Center EDITIONStarts at $130,0004
  1. none
  2. 100,000 Lines of Code
  3. 1 Million Lines of Code
  4. 20 Million Lines of Code
Additional Pricing Details

Add comparison