TrustRadius

Fortify by OpenText vs. SonarQube for IDE

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.N/A
SonarQube for IDE
Score 8.3 out of 10
N/A
SonarQube for IDE is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time. Like a spell checker, SonarLint detects Bugs, code smells, and Security Vulnerabilities as code is written, and offers guidance.
$0
Pricing
Fortify by OpenTextSonarQube for IDE
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Fortify by OpenTextSonarQube for IDE
Free Trial
NoYes
Free/Freemium Version
NoYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Fortify by OpenTextSonarQube for IDE
Best Alternatives
Fortify by OpenTextSonarQube for IDE
Small Businesses
GitLab
GitLab
Score 8.8 out of 10
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.8 out of 10
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
Enterprises
Veracode
Veracode
Score 8.8 out of 10
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Fortify by OpenTextSonarQube for IDE
Likelihood to Recommend
9.0
(6 ratings)
8.0
(1 ratings)
Likelihood to Renew
10.0
(1 ratings)
-
(0 ratings)
Usability
7.0
(1 ratings)
-
(0 ratings)
Support Rating
10.0
(1 ratings)
-
(0 ratings)
User Testimonials
Fortify by OpenTextSonarQube for IDE
Likelihood to Recommend
OpenText
It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture
Verified User
Anonymous
Read full review
Sonar
No answers on this topic
Pros
OpenText
  • DAST Scanning
  • API Scanning
  • Less detection of false positive
Zishan Ali Dakhani | TrustRadius Reviewer
Read full review
Sonar
  • SonarLint highlights all the issues in our codes and also displays the severity of each issue.
  • SonarLint also provides suggestions for how to fix those code issues which are highlighted.
  • SonarLint starts the processing of the file as soon as it is opened and highlights all the issues which it found.
  • When we fix the issue, we don't even need to create a new build or generate fresh code quality report, as soon as we save the file with the changes, it does the processing again and shows the result if the issue is fixed or not.
  • SonarLint saves a lot of time and effort by saving us from doing fresh build every time and generating new code quality report every time, thus increasing the efficiency and output which is in return beneficial for the client.
SJ
shaurya jain
digital tech developer associate
Read full review
Cons
OpenText
  • Reporting could be better
  • Can be an involved setup if your organization is not using common build tools
  • Users get spammed with a lot of email updates from the service
Verified User
Anonymous
Read full review
Sonar
  • Sometimes, SonarLint does not highlight the issues in the code correctly.
  • The severity of the issues highlighted is according to the default rules set, we should also be given authority to set the severity of the issues.
  • The default fixes which SonarLint provides should be more enhanced and there should be more fixes available.
  • Sometimes it takes a lot of time for processing of the file when any new file is loaded or changes are saved in a file.
SJ
shaurya jain
digital tech developer associate
Read full review
Likelihood to Renew
OpenText
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Zishan Ali Dakhani | TrustRadius Reviewer
Read full review
Sonar
No answers on this topic
Usability
OpenText
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Ankitkumar Mistry | TrustRadius Reviewer
Ankitkumar Mistry
Product Consultant
Read full review
Sonar
No answers on this topic
Support Rating
OpenText
Always receive excellent support from the vendor. No issues there.
Gene Baker | TrustRadius Reviewer
Gene Baker
Vice President, Chief Architect, Development Manager and Software Engineer
Read full review
Sonar
No answers on this topic
Alternatives Considered
OpenText
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
Verified User
Anonymous
Read full review
Sonar
SonarLint works along with SonarQube
SJ
shaurya jain
digital tech developer associate
Read full review
Return on Investment
OpenText
  • DevSecOps helped in reducing efforts
  • License cost was less
  • We could roll out double the count of applications with implementation of WebInspect
Verified User
Anonymous
Read full review
Sonar
  • SonarLint helps in achieving all the business requirements in a more efficient way.
  • It reduces the manual and redundant work which we would have to do else every time if we did not use SonarLint.
  • SonarLint helps in maintaining code quality, and thus also highlights the loopholes for the cyber attacks and phishing attacks.
  • SonarLint makes work easy and helps the developer to invest less time in manual work thereby increasing their capacity to deliver the maximum output to the client.
SJ
shaurya jain
digital tech developer associate
Read full review
ScreenShots

SonarQube for IDE Screenshots

Screenshot of where SonarQube for IDE identifies and highlights issues in a Java project within VS Code. It also explains why this is an issue, how to fix it, and offers more educational content to help developers grow. SonarLint uncovers issues in over 30 languages, frameworks and IaC platforms. SonarLint is available for VS Code, Visual Studio, Eclipse and JetBrains IDEs.Screenshot of how when connected to either SonarCloud or SonarQube the developer can leverage SonarQube for IDE to identify complex bugs, share code quality expectations with their team, perform deeper issue analysis, enjoy smart notifications, and unlock additional language analysis opportunities. Connecting is easy and guided for a rapid setup, as seen here in the image.