GitGuardian vs. SonarQube Server

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
GitGuardian
Score 8.8 out of 10
N/A
GitGuardian is an end-to-end NHI security platform designed to help organizations strengthen their Non-Human Identity (NHI) security posture and address compliance standards and regulations. As attackers increasingly target NHIs, such as service accounts, service principals, and applications, protecting and managing these critical assets has become paramount. NHIs rely on “secrets” like API keys and certificates for authentication, and their rapid proliferation has led to significant…
$0
per developer in the perimeter
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Pricing
GitGuardianSonarQube Server
Editions & Modules
Small Teams - 1-25 developers
$0
per developer in the perimeter
Standard 26-100 developers
$18
per developer in the perimeter
Standard - 26 to 100 developers
$18
developer per month
Enterprise - above 100 developers
adhoc
developer
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
GitGuardianSonarQube Server
Free Trial
YesYes
Free/Freemium Version
YesYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
GitGuardianSonarQube Server
Best Alternatives
GitGuardianSonarQube Server
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GitGuardianSonarQube Server
Likelihood to Recommend
8.8
(0 ratings)
8.8
(0 ratings)
Usability
-
(0 ratings)
9.1
(0 ratings)
Support Rating
-
(0 ratings)
9.0
(0 ratings)
User Testimonials
GitGuardianSonarQube Server
Likelihood to Recommend
I do think it'll absolutely fit everyone who codes integrates with another platform or services. We all forget that one credentials one in a while, and especially those who managed public repository, it is important to keep an eye on accidentally committed credentials. While I think you don't really needs it for personal project, it's a nice to have, you don't want to waie up to 50k USD of sudden surcharge on resources you don't use.
Read full review
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Pros
  • GitGuardian monitors every public or private GitHub commit ( that have GitGuardian installed) and event in real-time for secrets and sensitive data. In a leak scenario it immediately notifies us.
  • It uses sophisticated pattern matching techniques to detect credentials that cannot be strictly defined with a distinctive pattern (like unprefixed credentials)
  • It covers several API providers, database connection strings, private keys, certificates, usernames and passwords etc
  • GitGuardian have high True Positive Rate of around 91% and reduces alert fatigue with smart occurrences regrouping
Read full review
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
Cons
  • Improved user interface: It would be beneficial to have a more intuitive and user-friendly interface for Internal Monitoring on GitGuardian. This would make it easier for users to quickly access the data they need and understand the results of their scans.
  • Automated alerts: It would be helpful to have automated alerts when certain conditions are met, such as when a scan reveals sensitive data or when a new repository is created. This would help users stay informed and take action in a timely manner.
  • More detailed reports: Currently, Internal Monitoring reports are limited in terms of the depth of information they provide. It would be useful to have more detailed reports that include additional metrics, such as the number of repositories scanned and the types of sensitive data found.
  • Faster scan times: Scan times can be slow at times, making it difficult to stay on top of changes in repositories quickly. It would be beneficial to have faster scan times so that users can take action quickly when needed.
Read full review
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
Usability
No answers on this topic
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Support Rating
No answers on this topic
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Alternatives Considered
GitGuardian Internal
Monitoring offers a comprehensive suite of tools to monitor and protect
your organization's source code. It provides real-time visibility into
the security of your code, allowing you to quickly identify and address
potential vulnerabilities before they become a problem. Additionally, it
offers automated security scanning and alerting capabilities, ensuring
that any suspicious activity is quickly identified and addressed.
GitGuardian Internal Monitoring stands out from other solutions due
to its ability to detect potential security issues in real-time, rather
than relying on periodic scans. This allows for more timely detection of
potential vulnerabilities, which helps reduce the risk of data breaches
or other malicious activities
Read full review
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
Return on Investment
  • Can't provide exact numbers due to restrictions but trust me our organization saved a decent amount of money coz there were several instances of secret leaks that is notified by GitGuardian.
  • GitGuardian has helped us identify and remediate secrets leaks in our public GitHub repositories. It has also helped us enforce our internal security policies and educate our developers on the best practices for secrets management
  • GitGuardian has been a great addition to our security toolset. It has helped us monitor our public GitHub repositories for any secrets or sensitive data. It has also integrated well with our existing systems and processes.
Read full review
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

GitGuardian Screenshots

Screenshot of GitGuardian Internal Monitoring - Monitoring ScreenScreenshot of GitGuardian Internal Monitoring - Secrets detailsScreenshot of GitGuardian Internal Monitoring - Scanning screen

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.