SonarQube vs Veracode: What are the differences?

Developers describe SonarQube as "Continuous Code Quality". SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. On the other hand, Veracode is detailed as "A simpler and more scalable way to increase the resiliency of your global application infrastructure". It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

SonarQube and Veracode can be categorized as "Code Review" tools.

SonarQube is an open source tool with 3.93K GitHub stars and 1.11K GitHub forks. Here's a link to SonarQube's open source repository on GitHub.

Veracode: no public GitHub repository available.

What is SonarQube?

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

What is Veracode?

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

        What are some alternatives to SonarQube and Veracode?
        ReSharper
        It is a popular developer productivity extension for Microsoft Visual Studio. It automates most of what can be automated in your coding routines. It finds compiler errors, runtime errors, redundancies, and code smells right as you type, suggesting intelligent corrections for them.
        Checkmarx
        It is a provider of state-of-the-art application security solutions: static code analysis software, seamlessly integrated into the development process.
        FindBugs
        It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity.
        Codacy
        Codacy is an automated code review tool for Scala, Java, Ruby, JavaScript, PHP, Python, CoffeeScript and CSS. It's continuous static analysis without the hassle. Save time in Code Reviews. Tackle your technical debt.
        ESLint
        A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
        Decisions about SonarQube and Veracode
        Ganesa Vijayakumar
        Full Stack Coder | Module Lead | 15 upvotes 414K views

        I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. In short, my application will aggregate the product details from different sources and give the user a clear picture of when and where to buy that product with the best quality and cost.

        I have planned to develop this in many milestones for adding N number of features, and I have picked as my first part completing the core part (aggregating the product details from different sources).

        As per my work experience and knowledge, I have chosen the following stacks for this mission.

        UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar with these and, most importantly, these will help in developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile and Bootstrap wherever required.

        Service: I have planned to use Java as the main business layer language, as I have 7+ years of experience with it and I believe I can do better work using Java than other languages. In addition, I'm thinking of using the Node.js stack.

        Database and ORM: I'm gonna pick MySQL as the DB and Hibernate as the ORM since I have good knowledge of and also work experience with this combination.

        Search Engine: I need to deal with a large amount of product data and its detailed info to provide enough details to the end user; at the same time I need to focus on performance too, so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking of replacing Solr with Elasticsearch once I have explored/reviewed Elasticsearch enough.

        Host: As of now, my plan is to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku, and then, once it is stable, I plan to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure and what its specialty is compared with Heroku and Amazon EC2 Container Service. Anyhow, I will explore these once again and pick the one best suited to my requirements once I reach this level.

        Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and are also very popular for builds and repositories, respectively.

        Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube, even though I'm looking into Codacy.

        Happy Coding! Suggestions are welcome! :)

        Thanks, Ganesa


        It is very important to have clean code. To be sure that the code quality is not really bad, I use a few tools. I love SonarQube, with its many relevant hints and deep analysis of code. codebeat isn't so detailed, but it can find complexity issues and duplications. Codacy cannot find more bugs than your IDE. The winner for me is SonarQube, which shows me really relevant bugs in my code.

        How developers use SonarQube and Veracode
        Trusted Shops GmbH uses SonarQube

        To increase our code quality and make vulnerabilities visible, we added SonarQube to our Git(lab) workflow, so every commit is analyzed and code flaws are shown directly at the merge request.

        Sodep uses SonarQube

        Static code analysis for Java and JavaScript projects.
