Introducing G2.ai, the future of software buying.Try now
- Home
- ...
- Static Code Analysis Tools
- SonarQube
- Veracode Application Security Platform
- SonarQube-vs-Veracode Application Security Platform
Compare SonarQube and Veracode Application Security Platform 
At a Glance
Market Segments
Enterprise (44.4% of reviews)
Enterprise (52.2% of reviews)
Entry-Level Pricing
Free
No pricing available
SonarQube
Star Rating
(119)4.4 out of 5
Market Segments
Enterprise (44.4% of reviews)
Entry-Level Pricing
Free
Browse all 4 pricing plansVeracode Application Security Platform
Star Rating
(24)3.7 out of 5
Market Segments
Enterprise (52.2% of reviews)
Entry-Level Pricing
No pricing available
Learn more about Veracode Application Security PlatformSummary
AI Generated Summary
AI-generated. Powered by real user reviews.
- Users report that Veracode Application Security Platform excels in its Static Code Analysis with a score of 9.0, indicating a robust capability to identify vulnerabilities early in the development process. In contrast, SonarQube Server also performs well in this area with a score of 9.3, but users mention that its Code Analysis features are particularly strong, scoring 9.1, which helps in maintaining code quality over time.
- Reviewers mention that Veracode's Ease of Setup is a significant drawback, scoring only 5.7, which can lead to longer onboarding times. On the other hand, SonarQube Server has a much better score of 7.8, making it easier for teams to get started quickly.
- G2 users highlight that Veracode's False Positives rate is a concern, with a score of 6.8, which can lead to unnecessary remediation efforts. In contrast, SonarQube Server has a better score of 7.8 in this area, indicating a more reliable detection mechanism that minimizes noise in vulnerability reports.
- Users on G2 report that Veracode's Quality of Support is satisfactory, with a score of 8.0, but they also mention that SonarQube Server matches this score while providing a more extensive community and documentation resources, which can be beneficial for troubleshooting and learning.
- Reviewers say that Veracode's Product Direction is a concern, scoring only 6.3, which raises questions about its future development and feature enhancements. In contrast, SonarQube Server has a more positive outlook with a score of 8.0, suggesting a more proactive approach to evolving its features based on user feedback.
- Users report that Veracode's API / Integrations score of 7.7 indicates decent extensibility, but SonarQube Server shines with a score of 9.2, allowing for better integration with various development tools and enhancing overall workflow efficiency.
Featured Products
Sponsored
Intruder
(182)
Bug Tracking
Visit Website
Pricing
Entry-Level Pricing
SonarQube
Community Edition
Free
Explore: https://www.sonarsource.com/plans-and-pricing/
- Free
- Popular & classic languages support
- Integration with DevOps platforms
Veracode Application Security Platform
No pricing availableFree Trial
SonarQube
Free Trial is available
Veracode Application Security Platform
No trial information availableRatings
Meets Requirements
8.9
102
8.1
19
Ease of Use
8.5
104
7.3
19
Ease of Setup
8.0
63
5.7
7
Ease of Admin
8.5
58
7.4
7
Quality of Support
8.3
85
8.0
18
Has the product been a good partner in doing business?
8.4
52
7.9
7
Product Direction (% positive)
8.5
98
6.3
19
Features by Category
Administration
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Testing
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Administration
7.8
15
Not enough data
5.9
16
Not enough data
Analysis
7.5
17
Not enough data
8.2
16
Not enough data
9.0
18
Not enough data
9.1
18
Not enough data
Testing
6.7
14
Not enough data
5.9
15
Not enough data
5.9
17
Not enough data
7.0
14
Not enough data
7.1
13
Not enough data
8.2
17
Not enough data
6.7
17
Not enough data
Agentic AI - Static Application Security Testing (SAST)
Not enough data
Not enough data
Administration
Not enough data
7.9
7
Not enough data
9.2
6
Analysis
Not enough data
8.3
7
Not enough data
8.3
5
Not enough data
9.3
7
Not enough data
8.8
7
Not enough data
8.6
6
Testing
Not enough data
Not enough data
Not enough data
9.0
5
Not enough data
Not enough data
Not enough data
8.3
5
Not enough data
8.0
5
Not enough data
7.8
6
Performance
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Network
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Application
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Vulnerability Scanner
Not enough data
Not enough data
Not enough data
Not enough data
Functionality
7.9
26
Not enough data
8.3
25
Not enough data
8.2
24
Not enough data
Management
7.6
22
Not enough data
7.5
20
Not enough data
7.9
22
Not enough data
Bug Reporting
9.0
7
Not enough data
9.3
7
Not enough data
9.0
7
Not enough data
Bug Monitoring
8.8
7
Not enough data
8.8
7
Not enough data
9.3
7
Not enough data
Agentic AI - Bug Tracking
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Effectiveness - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Documentation
7.8
29
Not enough data
7.5
29
Not enough data
8.2
30
Not enough data
Security
6.9
27
Not enough data
7.0
26
Not enough data
8.0
27
Not enough data
Application Security Posture Management (ASPM)Hide 11 FeaturesShow 11 Features
Not enough data
Not enough data
Risk management - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Integration and efficiency - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Reporting and Analytics - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
AI Compliance
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Risk Management & Monitoring
Not enough data
Not enough data
Not enough data
Not enough data
AI Lifecycle Management
Not enough data
Not enough data
Access Control and Security
Not enough data
Not enough data
Collaboration and Communication
Not enough data
Not enough data
Agentic AI - AI Governance Tools
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Static Code Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Cloud Visibility
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Security
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Identity
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Interactive Application Security Testing (IAST)Hide 1 FeatureShow 1 Feature
Not enough data
Not enough data
Agentic AI - Interactive Application Security Testing (IAST)
Not enough data
Not enough data
Categories
Categories
Shared Categories
SonarQube and Veracode Application Security Platform are categorized as Secure Code Review, Static Application Security Testing (SAST), and Static Code Analysis
Unique Categories
SonarQube is categorized as Software Development Analytics Tools, Bug Tracking, AI Governance Tools, and Application Security Posture Management (ASPM)
Veracode Application Security Platform is categorized as Penetration Testing, Vulnerability Scanner, Dynamic Application Security Testing (DAST), Software Composition Analysis, and Interactive Application Security Testing (IAST)
Reviews
Reviewers' Company Size
SonarQube
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Veracode Application Security Platform
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Information Technology and Services
25.6%
Computer Software
22.2%
Financial Services
6.8%
Hospital & Health Care
3.4%
Computer & Network Security
3.4%
Other
38.5%
Information Technology and Services
30.4%
Hospital & Health Care
13.0%
Consumer Goods
8.7%
Computer Software
8.7%
Telecommunications
4.3%
Other
34.8%
Most Helpful Reviews
SonarQube
Most Helpful Favorable Review
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Most Helpful Critical Review
Verified User in Computer Software
no real support whatsoever for the $20k price tag; set up can be hellish if you haven't been through it before. With a database that has prevented updates to newer versions
Veracode Application Security Platform
Most Helpful Favorable Review
Verified User in Information Technology and Services
Veracode is good static analysis tool to find security flaws. I use this tool to scan my java microservices jar files. it's easy to configure. It does not require source code and accepts binary files and scans them. We can either manually scan files or...
Most Helpful Critical Review
Alex G.
Verified User in Design
Unfortunately, Veracode hasn't actually found the formula for success yet. The interface is clunky and disjointed, the documentation is confusing, and customer support takes literally weeks or months to respond to requests. It's a classic case of an...
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Verified User in Information Technology and Services
Veracode is good static analysis tool to find security flaws. I use this tool to scan my java microservices jar files. it's easy to configure. It does not require source code and accepts binary files and scans them. We can either manually scan files or...
Verified User in Computer Software
no real support whatsoever for the $20k price tag; set up can be hellish if you haven't been through it before. With a database that has prevented updates to newer versions
Alex G.
Verified User in Design
Unfortunately, Veracode hasn't actually found the formula for success yet. The interface is clunky and disjointed, the documentation is confusing, and customer support takes literally weeks or months to respond to requests. It's a classic case of an...
Discussions
SonarQube has no discussions with answers
Veracode Application Security Platform has no discussions with answers
Hunting for software insights?
With over 2.5 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
