No more typing reviews! Try our Samantha, our new voice AI agent.

ReversingLabs vs SonarQube comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ReversingLabs
Ranking in Application Security Tools
40th
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Anti-Malware Tools (42nd), Container Security (52nd), Software Composition Analysis (SCA) (25th), Threat Intelligence Platforms (TIP) (28th), Software Supply Chain Security (18th)
SonarQube
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
137
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of ReversingLabs is 0.9%, up from 0.2% compared to the previous year. The mindshare of SonarQube is 12.4%, down from 23.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
SonarQube12.4%
ReversingLabs0.9%
Other86.7%
Application Security Tools
 

Featured Reviews

TC
Forensic Lead, Global Security Fusion Center at a insurance company with 10,001+ employees
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild. Also, the solution’s object and file analysis provide us with actionable insights. Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.
Vitthal Gole - PeerSpot reviewer
Devops Engineer at AIQOD
Automated code checks have improved quality gates and prevent weak code from reaching production
SonarQube could improve by reducing false positives in its static code analysis; while its detection capabilities are strong, some findings require manual verification, increasing developers' workload. More accurate analysis would enhance productivity, and SonarQube would benefit from enhanced AI-powered recommendations for fixing issues. For instance, in our pipeline, if it fails during SonarQube stage, we could check the dashboard for identified issues involving code smells, bugs, or duplicacy. An AI feature should be integrated into SonarQube to resolve issues quickly; optimizing scanning performance for very large repositories and providing faster analysis times would enhance the developer experience, especially in large code bases with frequent commits. For anyone planning to implement SonarQube, I advise starting by defining coding standards first and integrating Quality Gates into the pipeline. You can customize quality profiles to match project requirements; rather than relying entirely on default rules, you can adjust settings for stronger detection and enforcement. Organizations with advanced security, branch analysis, and governance features might consider commercial editions based on their needs.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
"We had nothing in the environment to do such analysis, so it's been a savior in many ways."
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"We have complete faith that it can do that for us, and can do it at scale."
"As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
"ReversingLabs has a large sample size."
"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"It is very good at identifying technical debt."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"The static code analysis is very good."
"SonarQube lets us find security issues during development and testing so that we can release more secure and higher quality applications."
"If you are looking for full coverage and quality improvement then it is the best product to use."
"While annoying occasionally with its issue reports, it is actually an invaluable source of better knowledge and applying it in practice to your solutions."
 

Cons

"The solution needs to improve integrations."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"However, time and time again, some issues become annoying, since they are actually not issues."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"The BPM language is important and should be considered in SonarQube."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
 

Pricing and Cost Advice

"We have a yearly contract based on the number of queries and malicious programs which can be processed."
"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
"We are using the Developer Edition and the cost is based on the amount of code that is being processed."
"People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
"I was using the Community Edition, which is available free of charge."
"For the Community edition, there is no extra cost. It's totally free. The Enterprise edition, Data Center edition, and Developer edition are the paid versions."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"I am satisfied with the pricing."
"This solution is free."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
16%
Financial Services Firm
12%
University
8%
Computer Software Company
8%
Financial Services Firm
13%
Manufacturing Company
13%
Computer Software Company
12%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise24
Large Enterprise80
 

Questions from the Community

Ask a question
Earn 20 points
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Comparisons

 

Also Known As

ReversingLabs Titanium, ReversingLabs secure.software
Sonar, SonarQube Cloud
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.
Find out what your peers are saying about ReversingLabs vs. SonarQube and other solutions. Updated: June 2026.
904,680 professionals have used our research since 2012.