
SonarQube vs Trustwave App Scanner [EOL] comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Nov 5, 2025

 

Categories and Ranking

SonarQube
Average Rating: 8.0
Reviews Sentiment: 7.1
Number of Reviews: 136
Ranking in other categories: Application Security Tools (1st), Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)

Trustwave App Scanner [EOL]
Average Rating: 7.6
Number of Reviews: 5
Ranking in other categories: No ranking in other categories
 

Featured Reviews

KH
Sr Software Engineering Supervisor at Mozarc Medical
Gains control over rule customization and achieves reliable vulnerability assessment
The deployment process took me about 2 or 3 hours to deploy SonarQube Server (formerly SonarQube), although I do not remember exactly since it was done about 2 years back. Currently, about 10 of my developers are using SonarQube Server (formerly SonarQube) in my company. I do not have plans to increase the usage of SonarQube Server (formerly SonarQube) in the future as there will not be any requirement to increase. I am a senior software engineer and supervisor at Mozark Medical. My corporate email address is karthik.k.a.r.t.h.i.k.h.a.r.p.a.n.h.a.l.l.i@mozarkmedical.com. Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10.
Securityd276 - PeerSpot reviewer
Security Manager at a healthcare company with 1,001-5,000 employees
Stable solution that has increased the maturity of our security program
I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"SonarQube is a very good tool; it is lightweight and very cost effective as compared to IBM AppScan, and the dashboard is really neat and easy to operate, giving a lot of information that makes it very easy for the developers."
"All the features of the solution are quite good."
"We've been able to improve the quality of the products that we produce by using SonarQube."
"Some of the static code analysis capabilities are the most beneficial."
"It easily outperforms other static code tools — It's perfect as a static code analysis tool."
"We were trying to serve two purposes; work quality and code security, with one tool."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch."
"The reports from SonarCloud are very good."
"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."
"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."
"The stability is great. We haven't had any issues at all with it."
"Web application security testing is a valuable feature."
"This scanner was more efficient compared to its competitors."
"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."
 

Cons

"The installation of the framework was a bit difficult, it could be improved."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"Executing sonar analysis on a big chunk of code with an Oracle database does take up a lot of time."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"The handling of the contents of Docker container images could be better."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."
"Used to crash/freeze due to poor performance, not sure about newer versions."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"It doesn't support modern web technologies such as GWT, Angular, JS etc."
"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."
 

Pricing and Cost Advice

"We use the free version; there are no hidden costs or licensing required."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"We did not purchase a license (required for C++ support), but this option was considered."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The solution is cheaper than other products."
"SonarQube is a fairly affordable solution for a larger scale if you have a specific role or specific department for secure code."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
"SonarQube enterprise, I am not sure of the price but from what I understand they are charging a fee. It is not clear if it is an annual fee or a one-off."
Information not available
893,221 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 13%
Manufacturing Company: 13%
Computer Software Company: 12%
Comms Service Provider: 6%
No data available
 

Company Size

By reviewers
Company Size: Count
Small Business: 43
Midsize Enterprise: 24
Large Enterprise: 79
No data available
 

Questions from the Community

Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Sonar, SonarQube Cloud
Hailstorm, Cenzic Hailstorm
 


Sample Customers

Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.
Leading Health Insurer
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: May 2026.