Introducing G2.ai, the future of software buying.Try now
- Home
- ...
- Dynamic Application Security Testing (DAST) Software
- HCL AppScan
- SonarQube
- HCL AppScan-vs-SonarQube
Compare HCL AppScan and SonarQube 
At a Glance
Market Segments
Enterprise (53.4% of reviews)
Enterprise (44.0% of reviews)
Entry-Level Pricing
Free
Free
HCL AppScan
Star Rating
(76)4.1 out of 5
Market Segments
Enterprise (53.4% of reviews)
Entry-Level Pricing
Free
Browse all 3 pricing plansSonarQube
Star Rating
(117)4.4 out of 5
Market Segments
Enterprise (44.0% of reviews)
Entry-Level Pricing
Free
Browse all 4 pricing plansSummary
AI Generated Summary
AI-generated. Powered by real user reviews.
- Users report that SonarQube Server excels in Static Code Analysis with a score of 9.0, highlighting its ability to provide detailed insights into code quality, while HCL AppScan follows with a score of 8.3, which some reviewers feel lacks the depth of analysis.
- Reviewers mention that HCL AppScan offers superior Test Automation capabilities, scoring 8.4 compared to SonarQube's 6.3, making it a preferred choice for teams looking to integrate automated testing into their CI/CD pipelines.
- G2 users indicate that SonarQube Server's Ease of Setup is rated at 7.8, which some find challenging, whereas HCL AppScan's score of 8.5 suggests a more user-friendly installation process, making it easier for teams to get started quickly.
- Users on G2 highlight that HCL AppScan's Compliance Testing features are robust, scoring 7.9, while SonarQube's score of 7.1 indicates it may not meet the compliance needs of all organizations as effectively.
- Reviewers say that SonarQube Server provides excellent Code Analysis with a score of 9.1, which users appreciate for its thoroughness, while HCL AppScan's score of 8.0 suggests it may not be as comprehensive in this area.
- Users report that HCL AppScan's False Positives rate is better, scoring 7.5 compared to SonarQube's 6.8, which is a significant consideration for teams looking to minimize noise in their security findings.
Featured Products
Sponsored
Axify
(6)
Bug Tracking
Visit Website
Sponsored
OX Security
(51)
Bug Tracking
Visit Website
Sponsored
DX
(198)
Bug Tracking
Visit Website
Pricing
Entry-Level Pricing
HCL AppScan
HCL AppScan CodeSweep
Free
Free-to-use security tool for developers alike who need to "spell check" and fix their code, as they write it, in multiple IDEs.
- Ideal for Developers
SonarQube
Community Edition
Free
Explore: https://www.sonarsource.com/plans-and-pricing/
- Free
- Popular & classic languages support
- Integration with DevOps platforms
Free Trial
HCL AppScan
Free Trial is available
SonarQube
Free Trial is available
Ratings
Meets Requirements
8.8
59
8.8
101
Ease of Use
8.5
62
8.5
103
Ease of Setup
8.5
31
8.0
62
Ease of Admin
8.7
31
8.5
57
Quality of Support
8.5
60
8.3
84
Has the product been a good partner in doing business?
8.8
30
8.4
51
Product Direction (% positive)
8.4
58
8.4
97
Features by Category
Administration
8.2
21
7.8
15
8.5
21
5.9
16
Analysis
8.6
22
7.5
17
7.8
22
8.2
16
8.3
22
9.0
18
8.0
22
9.1
18
Testing
7.6
21
6.7
14
7.8
21
5.9
15
8.4
20
5.9
17
7.9
21
7.0
14
8.3
20
7.1
13
8.3
21
8.2
17
7.5
21
6.7
17
Agentic AI - Static Application Security Testing (SAST)
Not enough data
Not enough data
Administration
8.1
26
Not enough data
8.2
28
Not enough data
Analysis
8.5
29
Not enough data
8.0
27
Not enough data
8.2
28
Not enough data
8.5
27
Not enough data
8.3
27
Not enough data
Testing
7.7
28
Not enough data
7.9
24
Not enough data
8.4
26
Not enough data
8.2
29
Not enough data
8.2
29
Not enough data
7.1
29
Not enough data
Functionality
Not enough data
7.9
26
Not enough data
8.3
25
Not enough data
8.2
24
Management
Not enough data
7.6
22
Not enough data
7.5
20
Not enough data
7.9
22
Bug Reporting
Not enough data
9.0
7
Not enough data
9.3
7
Not enough data
9.0
7
Bug Monitoring
Not enough data
8.8
7
Not enough data
8.8
7
Not enough data
9.3
7
Agentic AI - Bug Tracking
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Effectiveness - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Documentation
Not enough data
7.7
28
Not enough data
7.4
28
Not enough data
8.2
29
Security
Not enough data
6.7
26
Not enough data
6.9
25
Not enough data
7.9
26
Application Security Posture Management (ASPM)Hide 11 FeaturesShow 11 Features
Not enough data
Not enough data
Risk management - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Integration and efficiency - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Reporting and Analytics - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
AI Compliance
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Risk Management & Monitoring
Not enough data
Not enough data
Not enough data
Not enough data
AI Lifecycle Management
Not enough data
Not enough data
Access Control and Security
Not enough data
Not enough data
Collaboration and Communication
Not enough data
Not enough data
Agentic AI - AI Governance Tools
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Static Code Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Cloud Visibility
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Security
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Identity
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Interactive Application Security Testing (IAST)Hide 1 FeatureShow 1 Feature
Not enough data
Not enough data
Agentic AI - Interactive Application Security Testing (IAST)
Not enough data
Not enough data
Categories
Categories
Shared Categories
HCL AppScan and SonarQube are categorized as Static Application Security Testing (SAST)
Unique Categories
HCL AppScan is categorized as Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis
SonarQube is categorized as Secure Code Review, Software Development Analytics Tools, Static Code Analysis, Bug Tracking, AI Governance Tools, and Application Security Posture Management (ASPM)
Reviews
Reviewers' Company Size
HCL AppScan
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
SonarQube
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Information Technology and Services
24.3%
Computer & Network Security
13.5%
Computer Software
9.5%
Automotive
8.1%
Banking
6.8%
Other
37.8%
Information Technology and Services
25.9%
Computer Software
22.4%
Financial Services
6.9%
Hospital & Health Care
3.4%
Computer & Network Security
3.4%
Other
37.9%
Most Helpful Reviews
HCL AppScan
Most Helpful Favorable Review
Verified User in E-Learning
It provides good features like jira integration which is very necessary to manage the product and team with having good enhancement of the security features enabled. It is very helpful in managing the user and security groups. Easy to handle and...
Most Helpful Critical Review
Verified User in Computer Software
updates are slow and it has been also slow updates on most of the time
SonarQube
Most Helpful Favorable Review
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Most Helpful Critical Review
Verified User in Financial Services
Recognizing code coverage. Speed. Recognizing accurate code issues sometimes poor.
Verified User in E-Learning
It provides good features like jira integration which is very necessary to manage the product and team with having good enhancement of the security features enabled. It is very helpful in managing the user and security groups. Easy to handle and...
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Verified User in Computer Software
updates are slow and it has been also slow updates on most of the time
Verified User in Financial Services
Recognizing code coverage. Speed. Recognizing accurate code issues sometimes poor.
Alternatives
Discussions
Who owns AppScan?
1 comment
Official Response from HCL AppScan
HCL AppScan is owned by HCL Software.Read more
HCL AppScan has no more discussions with answers
SonarQube has no discussions with answers
Hunting for software insights?
With over 2.5 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
