SonarQube vs Veracode: What are the differences?
Developers describe SonarQube as "Continuous Code Quality". SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. On the other hand, Veracode is detailed as "A simpler and more scalable way to increase the resiliency of your global application infrastructure". It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.
SonarQube and Veracode can be categorized as "Code Review" tools.
SonarQube is an open source tool with 3.93K GitHub stars and 1.11K GitHub forks.
Pros of SonarQube
- Tracks code complexity and smell trends (26)
- IDE Integration (16)
- Complete code Review (9)
- Difficult to deploy (1)
Pros of Veracode
Cons of SonarQube
- Sales process is long and unfriendly (7)
- Paid support is poor, techs arrogant and unhelpful (7)
- Does not integrate with Snyk (1)