What users are saying about
19 Ratings
12 Ratings
Score 8.3 out of 100
Score 7.1 out of 100

Likelihood to Recommend

SonarQube

SonarQube has been well suited for us when new developers start working on our projects. With SonarQube checking code smells and our custom coding standards, new developers write better code with fewer errors as outlined by our development standards. It is also very handy to have SonarQube built right into our continuous integration process. Doing it this way results in having less worry around whether our coding standards have been followed. They are automatically applied before code is checked in.
Anonymous | TrustRadius Reviewer

Veracode

If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
Glenn Jones | TrustRadius Reviewer

Pros

SonarQube

  • Core competency of static analysis. This is why SonarQube exists and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.
Anonymous | TrustRadius Reviewer

Veracode

  • Extremely efficient for large amount of code as it scans and saves time and resources.
  • Report given about security of the application is detailed and very easy to work on.
  • Secure application and ensures code is safe.
Anonymous | TrustRadius Reviewer

Cons

SonarQube

  • Have a way to ignore the issues that the team decides not to fix.
Hung Vu | TrustRadius Reviewer

Veracode

  • It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement.
  • We also ran into some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.
Anonymous | TrustRadius Reviewer

Support Rating

SonarQube

SonarQube 9.0
Based on 1 answer
We were easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marketplace; we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Anonymous | TrustRadius Reviewer

Veracode

Veracode 8.0
Based on 5 answers
Veracode support is usually accurate and they get back to us quickly. The technical support team is very knowledgeable not only on how Veracode platform works but also in terms of different use cases and clients' expectations. I have always had very positive results when I needed to engage with support and the ability to solve problems and keep track of those issues is amazing.
Anonymous | TrustRadius Reviewer

Alternatives Considered

SonarQube

GitLab, if you have the right license, ships with a static analysis tool. It integrates better with GitLab, but didn't seem to have the same quality output that SonarQube did. SonarQube's community version is plenty suitable for day-to-day analysis operations.
Anonymous | TrustRadius Reviewer

Veracode

Secure Assist, ShiftLeft, Coverity

Things Veracode does better than the other tools:
  • Fewer false positives
  • Faster scans
  • Language support
  • Covers security and license risks related to OSS
Mohana Chintalapati | TrustRadius Reviewer

Return on Investment

SonarQube

  • It became easy to identify the bugs and issue generation.
  • It is open source thus saving money.
  • Enhances the code quality and standard.
Sanyam Jain | TrustRadius Reviewer

Veracode

  • Identifying 3rd-party vulnerability issues before shipping software to the production site is a huge win for us.
  • Resolving potential malicious code found from SCA scan helps tremendously as well.
Anonymous | TrustRadius Reviewer

Pricing Details

SonarQube

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Veracode

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
