- Home
- ...
- Dynamic Application Security Testing (DAST) Software
- HCL AppScan
- SonarQube Server (formerly SonarQube)
- HCL AppScan-vs-SonarQube Server (formerly SonarQube)
Compare HCL AppScan and SonarQube Server (formerly SonarQube) 
At a Glance
Market Segments
Enterprise (53.4% of reviews)
Enterprise (43.8% of reviews)
Entry-Level Pricing
Free
Free
HCL AppScan
Star Rating
(76)4.1 out of 5
Market Segments
Enterprise (53.4% of reviews)
Entry-Level Pricing
Free
Browse all 3 pricing plansSonarQube Server (formerly SonarQube)
Star Rating
(90)4.4 out of 5
Market Segments
Enterprise (43.8% of reviews)
Entry-Level Pricing
Free
Browse all 4 pricing plansSummary
AI Generated Summary
AI-generated. Powered by real user reviews.
- Users report that SonarQube Server excels in Static Code Analysis with a score of 9.0, highlighting its ability to provide detailed insights into code quality, while HCL AppScan, with a score of 8.3, is noted for its comprehensive security testing but lacks the same depth in code quality metrics.
- Reviewers mention that HCL AppScan shines in Test Automation, scoring 8.4, which allows for seamless integration into CI/CD pipelines, whereas SonarQube Server's score of 6.3 indicates it may not be as robust in automating testing processes.
- G2 users highlight that SonarQube Server's Repository Integration score of 7.8 is beneficial for developers looking to maintain code quality across various repositories, while HCL AppScan's integration capabilities are rated higher at 8.2, making it more versatile for different development environments.
- Users on G2 report that HCL AppScan provides better Compliance Testing with a score of 7.9, which is crucial for organizations needing to adhere to regulatory standards, compared to SonarQube Server's score of 7.1, which may not meet all compliance needs.
- Reviewers say that SonarQube Server's Documentation is often praised for its clarity and comprehensiveness, aiding users in navigating the software effectively, while HCL AppScan's documentation is perceived as less user-friendly, impacting the ease of onboarding.
- Users report that HCL AppScan's False Positives score of 7.5 is better than SonarQube Server's 6.8, indicating that AppScan may provide more accurate vulnerability assessments, which is critical for security-focused teams.
Featured Products
Sponsored
OX Security
(48)
Static Code Analysis
Visit Website
Sponsored
Middleware
(19)
Static Code Analysis
Visit Website
Sponsored
Axify
(4)
Static Code Analysis
Visit Website
Pricing
Entry-Level Pricing
HCL AppScan
HCL AppScan CodeSweep
Free
Free-to-use security tool for developers alike who need to "spell check" and fix their code, as they write it, in multiple IDEs.
- Ideal for Developers
SonarQube Server (formerly SonarQube)
Community Edition
Free
Explore: https://www.sonarsource.com/plans-and-pricing/
- Free
- Popular & classic languages support
- Integration with DevOps platforms
Free Trial
HCL AppScan
Free Trial is available
SonarQube Server (formerly SonarQube)
Free Trial is available
Ratings
Meets Requirements
8.8
59
8.7
77
Ease of Use
8.5
62
8.3
79
Ease of Setup
8.5
31
7.8
50
Ease of Admin
8.7
31
8.3
46
Quality of Support
8.5
60
8.0
62
Has the product been a good partner in doing business?
8.8
30
8.3
40
Product Direction (% positive)
8.4
58
8.0
74
Features by Category
Administration
8.2
21
7.7
14
8.5
21
6.3
15
Analysis
8.6
22
7.6
16
7.8
22
8.2
15
8.3
22
9.0
17
8.0
22
9.1
17
Testing
7.6
21
7.2
13
7.8
21
6.3
14
8.4
20
6.3
16
7.9
21
7.1
13
8.3
20
7.6
12
8.3
21
8.5
16
7.5
21
6.6
16
Administration
8.1
26
Not enough data
8.2
28
Not enough data
Analysis
8.5
29
Not enough data
8.0
27
Not enough data
8.2
28
Not enough data
8.5
27
Not enough data
8.3
27
Not enough data
Testing
7.7
28
Not enough data
7.9
24
Not enough data
8.4
26
Not enough data
8.2
29
Not enough data
8.2
29
Not enough data
7.1
29
Not enough data
Functionality
Not enough data
7.8
24
Not enough data
8.3
23
Not enough data
8.3
22
Management
Not enough data
7.5
20
Not enough data
7.6
18
Not enough data
7.8
20
Functionality - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Effectiveness - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Documentation
Not enough data
7.7
26
Not enough data
7.4
26
Not enough data
8.2
27
Security
Not enough data
6.8
24
Not enough data
7.5
23
Not enough data
8.0
24
Application Security Posture Management (ASPM)Hide 9 FeaturesShow 9 Features
Not enough data
Not enough data
Risk management - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Integration and efficiency - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Reporting and Analytics - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Cloud Visibility
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Security
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Identity
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Categories
Categories
Shared Categories
HCL AppScan and SonarQube Server (formerly SonarQube) are categorized as Static Application Security Testing (SAST)
Unique Categories
HCL AppScan is categorized as Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis
SonarQube Server (formerly SonarQube) is categorized as Software Development Analytics Tools, Secure Code Review, Static Code Analysis, and Application Security Posture Management (ASPM)
Reviews
Reviewers' Company Size
HCL AppScan
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
SonarQube Server (formerly SonarQube)
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Information Technology and Services
24.3%
Computer & Network Security
13.5%
Computer Software
9.5%
Automotive
8.1%
Banking
6.8%
Other
37.8%
Computer Software
23.6%
Information Technology and Services
22.5%
Financial Services
7.9%
Hospital & Health Care
4.5%
Computer & Network Security
4.5%
Other
37.1%
Most Helpful Reviews
HCL AppScan
Most Helpful Favorable Review
Verified User in Information Technology and Services
AppScan's thorough scanning capabilities and CI/CD integration streamline security testing. Detailed reporting aids in prioritizing vulnerabilities effectively.
Most Helpful Critical Review
Verified User in Information Technology and Services
We can't relay solely on scanner results ,have to depend on manual testing as well
SonarQube Server (formerly SonarQube)
Most Helpful Favorable Review
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Most Helpful Critical Review
Verified User in Medical Devices
My experience as a SonarSource customer shows that they manifest little interest in small customers. In addition, their quality policy is poor when it comes to fixing major bugs in their code. For instance, this ticket has now been open for 1 year without...
Verified User in Information Technology and Services
AppScan's thorough scanning capabilities and CI/CD integration streamline security testing. Detailed reporting aids in prioritizing vulnerabilities effectively.
Kevin B.
Verified User in Computer Software
What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines,...
Verified User in Information Technology and Services
We can't relay solely on scanner results ,have to depend on manual testing as well
Verified User in Medical Devices
My experience as a SonarSource customer shows that they manifest little interest in small customers. In addition, their quality policy is poor when it comes to fixing major bugs in their code. For instance, this ticket has now been open for 1 year without...
Alternatives
Discussions
Is AppScan free?
1 comment
AB
APPSCAN CodeSweep is free as a plugin in Visual Studio.Read more
Who owns AppScan?
1 comment
Official Response from HCL AppScan
HCL AppScan is owned by HCL Software.Read more
HCL AppScan has no more discussions with answers
SonarQube Server (formerly SonarQube) has no discussions with answers
Hunting for software insights?
With over 2.5 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
or continue with
Gmail.com addresses not permitted. A business domain using Google is allowed.
By proceeding, you agree to our Terms of Use and Privacy Policy
