Aqua Cloud Native Security Platform vs. SonarQube Server

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Aqua Cloud Native Security Platform
Score 6.2 out of 10
N/A
The Aqua Platform is an integrated Cloud Native Application Protection Platform (CNAPP), that prioritizes risk and automates prevention while also focussing on detection and response across the lifecycle. It aims to stop current and prevent future cloud native attacks.
$10,188
per year
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Pricing
Aqua Cloud Native Security PlatformSonarQube Server
Editions & Modules
Team
$10,188
per year
Advanced
$25,188
per year
Enterprise
Tiered Pricing
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
Aqua Cloud Native Security PlatformSonarQube Server
Free Trial
NoYes
Free/Freemium Version
YesYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Aqua Cloud Native Security PlatformSonarQube Server
Best Alternatives
Aqua Cloud Native Security PlatformSonarQube Server
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Aqua Cloud Native Security PlatformSonarQube Server
Likelihood to Recommend
6.6
(0 ratings)
8.8
(0 ratings)
Usability
6.4
(0 ratings)
9.1
(0 ratings)
Support Rating
-
(0 ratings)
9.0
(0 ratings)
User Testimonials
Aqua Cloud Native Security PlatformSonarQube Server
Likelihood to Recommend
Excellent tool for identifying Cloud security issues such as vulnerabilities or misconfigurations. The complaince scanning ability is perfect for enterprise organization to maintain complaince based off various complaince programs.
Read full review
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Pros
  • seamless integration with GitHub, Jfrog, etc
  • Easy configuration of security policy
  • detailed instructions regarding finding of Vulnerabilities
Read full review
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
Cons
  • The UI/UX of the Aqua platform has several issues, especially with the sign up/in flow, authentication, alerts and display of results
  • Missing a few prominent notification channels for alerts such as Datadog, Webhooks
  • Lacks complete granularity in RBAC with the ability to set permissions based on the cloud
  • Some parts of the cocumentation for connecting an Oracle Cloud account is not up to update or clear
Read full review
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
Usability
The UI and UX of the platform requires some work since the platform is not for all screen sizes and the experience with certain features such as authentication and creating alerts is not great. The session times out while performing an action and having to repeat the entire action once again, which is not a great experience. Adding notification channels while creating the alerts is not seamless. But the platform has good UX with some great documentation for integrations along with the ability to customise dashboards.
Read full review
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Support Rating
No answers on this topic
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Alternatives Considered
Aqua Cloud Native Security Platform is easy to implement and manage compare the Dome9.
Read full review
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
Return on Investment
  • Identified issues with our cloud platforms, preventing security exploits on our platforms
Read full review
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.