F5 Distributed Cloud Bot Defense vs. SonarQube Server

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
F5 Distributed Cloud Bot Defense
Score 8.7 out of 10
N/A
F5 Distributed Cloud Bot Defense (formerly Shape Defense, acquired January 2020) provides security to protect a website from bots, fake users, and unauthorized transactions, preventing large scale fraud and eroded user experiences. Companies get visibility, detection and mitigation outcomes to reduce fraud and cloud hosting, bandwidth and compute costs, improve user experiences, and optimize their business based on real human traffic.N/A
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Pricing
F5 Distributed Cloud Bot DefenseSonarQube Server
Editions & Modules
Enterprise
Custom Quote
per year
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
F5 Distributed Cloud Bot DefenseSonarQube Server
Free Trial
YesYes
Free/Freemium Version
NoYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional Details
More Pricing Information
Community Pulse
F5 Distributed Cloud Bot DefenseSonarQube Server
Best Alternatives
F5 Distributed Cloud Bot DefenseSonarQube Server
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
F5 Distributed Cloud Bot DefenseSonarQube Server
Likelihood to Recommend
8.7
(0 ratings)
8.8
(0 ratings)
Usability
-
(0 ratings)
9.1
(0 ratings)
Support Rating
8.5
(0 ratings)
9.0
(0 ratings)
Implementation Rating
8.2
(0 ratings)
-
(0 ratings)
User Testimonials
F5 Distributed Cloud Bot DefenseSonarQube Server
Likelihood to Recommend
I'd strongly recommend it, but with a few caveats depending on how mature the team is with behavioral based security tools. One of our fintech clients was getting hit with low volume, widely spread login attempts, below our rate limiting thresholds. F5 Distributed Cloud Bot Defense was able to flag abnormal input timings, inconsistent device fingerprinting and high entropy in field population behavior. You can only imagine the wave of downstream account lockouts this saved the client. On the other end we had a client with a real time trading platform using Graphql over websockets. F5 Distributed Cloud Bot Defense wasn't able to tap into that stream natively. we had to reverse engineer a proxy layer to inspect events. It worked but it was clunky and not officially supported
Read full review
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Pros
  • Regularly analyze traffic patterns and bot activity. Use the insights provided by the platform to refine rules and policies.
  • Configure rules to specify acceptable behavior for user interactions and alter sensitivity levels as appropriate to reduce false positives.
  • Integrate F5 Bot Defense into our existing security stack, which may include WAFs (Web Application Firewalls) and SIEM (Security Information and Event Management) solutions.
Read full review
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
Cons
  • On a technical side, we've had a lot of deployment issues. This is not a one-sprint solution.
  • We ran into undocumented failure modes and had to rely on L2 and L3 customer support, delaying troubleshooting significantly [in our experience].
  • Accurate log ingestion is a larger challenge than one would want in a security tool.
Read full review
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
Likelihood to Renew
We are more likely than not, to renew it. It saved us from a really huge data breach 4 months ago. It has earned its shower so far
Read full review
No answers on this topic
Usability
No answers on this topic
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Support Rating
Official support can sometimes take time to reach the right people. However, once you are in contact with the appropriate experts, the support is excellent, as F5 staff are true specialists. On the other hand, we always receive prompt assistance from our local sales team, who typically help us connect with the right people quickly.
Read full review
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Implementation Rating
Implementation of Distributed Cloud is accomplished a few different ways, it would pay to meet with the F5 team and map out your implementation prior to acquisition to make sure you Infrastructure and Operations teams are aligned to the approach and requirements.
Read full review
No answers on this topic
Alternatives Considered
Clodflare bot management was our other obvious option for us. We tested it on a staging version of our RFQ platform. It was great for broad traffic filtering but had a hard time with nuanced differences between real subcontractors and low volume bots mimickingt human input whereas that's where F5 Distributed Cloud Bot Defense thrived
Read full review
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
Return on Investment
  • We experience large web/data scraping attack campaigns and F5 Distributed Cloud Bot Defense over the years has helped mitigate these for us and significantly reducing load off of our origin servers.
  • Also, we experience many large Credential Stuffing attacks and F5 Distributed Cloud Bot Defense helps us stop these attacks and protects our customers.
Read full review
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.