Qualys Web Application Scanning and SonarQube Cloud operate within the realm of cybersecurity and development tools. Qualys stands out in terms of user-friendliness and integration, while SonarQube Cloud excels in continuous code analysis and detailed workflows.
Features: Qualys Web Application Scanning offers seamless integration with Jenkins and Burp Suite, a comprehensive dashboard, and robust protection against zero-day vulnerabilities. SonarQube Cloud provides insights into code quality and security vulnerabilities, effective integration with version control systems, and detailed code analysis workflows.
Room for Improvement: Qualys Web Application Scanning could enhance its API capabilities, improve asset organization, and performance in security scanning. SonarQube Cloud requires improvements in setup process, reporting flexibility, and comprehensive documentation to assist with feature integration.
Ease of Deployment and Customer Service: Qualys Web Application Scanning offers flexible deployment across environments with 24/7 support, though some report slower resolution. SonarQube Cloud provides straightforward cloud deployment with favorable support interactions, with user experiences varying based on familiarity.
Pricing and ROI: Qualys Web Application Scanning has competitive yet pricey offerings, especially for smaller companies, with bulk licensing offering cost advantages. SonarQube Cloud, priced on lines of code, often seems cheaper, with community versions offering essential features with good value. Both deliver ROI, Qualys in vulnerability management, and SonarQube Cloud in code quality improvement.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
The customer service and support for SonarQube Cloud are responsive and helpful.
Integrating it into different solutions is straightforward.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
It has been used in multiple projects and performs well.
There are limitations, and it seems to have fewer capabilities than Veracode.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
From my team's feedback, it is almost an eight out of ten.
It is a quite stable solution.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
To improve SonarQube Cloud (formerly SonarCloud), it should excel in all these domains.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
We used the open-source version of SonarQube Cloud for its minimum features and did not license its extensive capabilities.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Qualys Web Application Scanning is accurate and provides minimal false positives.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
I use SonarQube Cloud (formerly SonarCloud) to check the quality of developer code and identify vulnerabilities.
It is integrated easily with the CI/CD pipeline, saving time and cost.
I find SonarQube Cloud very easy to use and simple to integrate initially.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
