# DerScanner vs SonarQube Comparison --- ## AI Generated Summary - **G2 reviewers report** that SonarQube excels in user satisfaction, receiving a higher overall score compared to DerScanner. Users appreciate its **simple deployment** process, particularly highlighting the ease of installation on platforms like Kubernetes using YAML formats. - **Users say** that while DerScanner offers a perfect score in ease of use, SonarQube still provides valuable features such as **code suggestions** that enhance code quality and help developers identify potential errors in their code flows. - **Reviewers mention** that DerScanner shines in collaboration, allowing security and development teams to work together more effectively. This integration helps incorporate security measures early in the development process, making it easier for developers to address security concerns. - **According to verified reviews** , SonarQube has a significant advantage in terms of total user feedback, with over 120 reviews compared to DerScanner's 11. This larger volume of reviews provides a more reliable perspective on user experiences and satisfaction. - **Users highlight** that DerScanner effectively addresses the common challenge of false positives in SAST solutions, making it easier for teams to focus on critical issues rather than being overwhelmed by numerous alerts. - **G2 reviewers report** that while SonarQube has a solid reputation for its features, it faces challenges in areas like extensibility and reporting, where DerScanner outperforms with higher ratings, indicating a more robust offering in those specific functionalities. | | DerScanner | SonarQube | |---|---|---| | **Star Rating** | 5.0 out of 5 | 4.4 out of 5 | | **Total Reviews** | 8 | 145 | | **Largest Market Segment** | Small-Business (50.0% of reviews) | Enterprise (41.8% of reviews) | | **Entry Level Price** | No pricing available | Free | --- ## Top Pros & Cons ### DerScanner **Not enough data** ### SonarQube Pros: - Code Quality (24 reviews) - Features (20 reviews) Cons: - Software Bugs (12 reviews) - Complex Configuration (10 reviews) --- ## Ratings Comparison | Rating | DerScanner | SonarQube | |---|---|---| | **Meets Requirements** | 10.0 (6 reviews) | 8.8 (122 reviews) | | **Ease of Use** | 10.0 (6 reviews) | 8.5 (125 reviews) | | **Ease of Setup** | Not enough data | 8.1 (84 reviews) | | **Ease of Admin** | Not enough data | 8.5 (67 reviews) | | **Quality of Support** | 10.0 (6 reviews) | 8.2 (103 reviews) | | **Has the product been a good partner in doing business?** | Not enough data | 8.3 (60 reviews) | | **Product Direction (% positive)** | 10.0 (6 reviews) | 8.6 (118 reviews) | --- ## Pricing ### DerScanner #### Entry-Level Pricing No pricing available #### Free Trial No information available ### SonarQube #### Entry-Level Pricing Plan: Free Price: Free Description: For developers wanting to try SonarQube. Key Features: - Scan of private projects limited to 50k lines of code - Users limited to max. 5 - Architecture management [Browse all 3 editions](https://www.g2.com/products/sonarqube/pricing) #### Free Trial Yes --- ## Features Comparison By Category ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **DerScanner** | 9.9/10 | 10 | | **SonarQube** | 7.2/10 | 27 | #### Administration | Feature | DerScanner | SonarQube | |---|---|---| | **API / Integrations** | 10.0 (6 reviews) | 7.9 (20 reviews) | | **Extensibility** | 10.0 (6 reviews) | 6.0 (20 reviews) | #### Analysis | Feature | DerScanner | SonarQube | |---|---|---| | **Reporting and Analytics** | 10.0 (5 reviews) | 7.4 (21 reviews) | | **Issue Tracking** | 9.7 (6 reviews) | 8.1 (21 reviews) | | **Static Code Analysis** | 9.7 (6 reviews) | 9.1 (25 reviews) | | **Code Analysis** | Not enough data | 9.1 (25 reviews) | #### Testing | Feature | DerScanner | SonarQube | |---|---|---| | **Command-Line Tools** | Not enough data | 6.6 (18 reviews) | | **Manual Testing** | Feature Not Available | 5.9 (19 reviews) | | **Test Automation** | Feature Not Available | 6.2 (22 reviews) | | **Compliance Testing** | Not enough data | 6.9 (18 reviews) | | **Black-Box Scanning** | Not enough data | 6.8 (17 reviews) | | **Detection Rate** | Not enough data | 8.2 (21 reviews) | | **False Positives** | Not enough data | 6.9 (24 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | DerScanner | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | 6.0 (5 reviews) | ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **DerScanner** | 9.8/10 | 10 | | **SonarQube** | N/A | N/A | #### Administration | Feature | DerScanner | SonarQube | |---|---|---| | **API / Integrations** | 10.0 (6 reviews) | Not enough data | | **Extensibility** | Feature Not Available | Not enough data | #### Analysis | Feature | DerScanner | SonarQube | |---|---|---| | **Reporting and Analytics** | 9.7 (6 reviews) | Not enough data | | **Issue Tracking** | 10.0 (6 reviews) | Not enough data | | **Static Code Analysis** | 9.7 (5 reviews) | Not enough data | | **Vulnerability Scan** | 10.0 (5 reviews) | Not enough data | | **Code Analysis** | 9.7 (5 reviews) | Not enough data | #### Testing | Feature | DerScanner | SonarQube | |---|---|---| | **Manual Testing** | Feature Not Available | Not enough data | | **Test Automation** | Feature Not Available | Not enough data | | **Compliance Testing** | 10.0 (5 reviews) | Not enough data | | **Black-Box Scanning** | 9.7 (5 reviews) | Not enough data | | **Detection Rate** | 9.7 (5 reviews) | Not enough data | | **False Positives** | 9.3 (5 reviews) | Not enough data | ### Software Development Analytics Tools | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | 8.0/10 | 36 | #### Functionality | Feature | DerScanner | SonarQube | |---|---|---| | **Repository Integration** | Not enough data | 8.1 (32 reviews) | | **Analytics and Trends** | Not enough data | 8.5 (31 reviews) | | **Productivity Updates** | Not enough data | 8.2 (30 reviews) | #### Management | Feature | DerScanner | SonarQube | |---|---|---| | **Historical Data Consolidation** | Not enough data | Feature Not Available | | **Data Context** | Not enough data | 7.5 (26 reviews) | | **Testing Integration** | Not enough data | 7.9 (30 reviews) | ### Bug Tracking | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | 8.1/10 | 12 | #### Bug Reporting | Feature | DerScanner | SonarQube | |---|---|---| | **User Reports & Feedback** | Not enough data | 7.7 (10 reviews) | | **Tester Reports & Feedback** | Not enough data | 8.0 (10 reviews) | | **Team Reports & Comments** | Not enough data | 8.3 (10 reviews) | #### Bug Monitoring | Feature | DerScanner | SonarQube | |---|---|---| | **Analytics** | Not enough data | 7.8 (10 reviews) | | **Bug History** | Not enough data | 8.2 (11 reviews) | | **Data Retention** | Not enough data | 8.5 (10 reviews) | #### Agentic AI - Bug Tracking | Feature | DerScanner | SonarQube | |---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **DerScanner** | 9.3/10 | 7 | | **SonarQube** | N/A | N/A | #### Functionality - Software Composition Analysis | Feature | DerScanner | SonarQube | |---|---|---| | **Language Support** | Not enough data | Not enough data | | **Integration** | Not enough data | Not enough data | | **Transparency** | Not enough data | Not enough data | #### Effectiveness - Software Composition Analysis | Feature | DerScanner | SonarQube | |---|---|---| | **Remediation Suggestions** | Not enough data | Not enough data | | **Continuous Monitoring** | Not enough data | Not enough data | | **Thorough Detection** | 9.3 (5 reviews) | Not enough data | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | 7.6/10 | 47 | #### Documentation | Feature | DerScanner | SonarQube | |---|---|---| | **Feedback** | Not enough data | 8.0 (42 reviews) | | **Prioritization** | Not enough data | 7.6 (37 reviews) | | **Remediation Suggestions** | Not enough data | 8.4 (39 reviews) | #### Security | Feature | DerScanner | SonarQube | |---|---|---| | **False Positives** | Not enough data | 6.8 (38 reviews) | | **Custom Compliance** | Not enough data | 7.0 (34 reviews) | | **Agility** | Not enough data | 8.0 (38 reviews) | ### Application Security Posture Management (ASPM) | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | 8.5/10 | 7 | #### Risk management - Application Security Posture Management (ASPM) | Feature | DerScanner | SonarQube | |---|---|---| | **Vulnerability Management** | Not enough data | 9.3 (5 reviews) | | **Risk Assessment and Prioritization** | Not enough data | Feature Not Available | | **Compliance Management** | Not enough data | 9.0 (5 reviews) | | **Policy Enforcement** | Not enough data | 8.9 (6 reviews) | #### Integration and efficiency - Application Security Posture Management (ASPM) | Feature | DerScanner | SonarQube | |---|---|---| | **Integration with Development Tools** | Not enough data | 7.8 (6 reviews) | | **Automation and Efficiency** | Not enough data | Feature Not Available | #### Reporting and Analytics - Application Security Posture Management (ASPM) | Feature | DerScanner | SonarQube | |---|---|---| | **Trend Analysis** | Not enough data | 7.8 (6 reviews) | | **Risk Scoring** | Not enough data | Not enough data | | **Customizable Dashboards** | Not enough data | 8.3 (5 reviews) | #### Agentic AI - Application Security Posture Management (ASPM) | Feature | DerScanner | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | ### Software Bill of Materials (SBOM) | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Functionality - Software Bill of Materials (SBOM) | Feature | DerScanner | SonarQube | |---|---|---| | **Format Support** | Not enough data | Not enough data | | **Annotations** | Not enough data | Not enough data | | **Attestation** | Not enough data | Not enough data | #### Management - Software Bill of Materials (SBOM) | Feature | DerScanner | SonarQube | |---|---|---| | **Monitoring** | Not enough data | Not enough data | | **Dashboards** | Not enough data | Not enough data | | **User Provisioning** | Not enough data | Not enough data | ### AI Governance Tools | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | N/A | N/A | #### AI Compliance | Feature | DerScanner | SonarQube | |---|---|---| | **Regulatory Reporting** | Not enough data | Not enough data | | **Automated Compliance** | Not enough data | Not enough data | | **Audit Trails** | Not enough data | Feature Not Available | #### Risk Management & Monitoring | Feature | DerScanner | SonarQube | |---|---|---| | **AI Risk Management** | Not enough data | Feature Not Available | | **Real-time Monitoring** | Not enough data | Not enough data | #### AI Lifecycle Management | Feature | DerScanner | SonarQube | |---|---|---| | **Lifecycle Automation** | Not enough data | Feature Not Available | #### Access Control and Security | Feature | DerScanner | SonarQube | |---|---|---| | **Pole-based Access Control (RBAC)** | Not enough data | Not enough data | #### Collaboration and Communication | Feature | DerScanner | SonarQube | |---|---|---| | **Model Sharing and Reuse** | Not enough data | Feature Not Available | #### Agentic AI - AI Governance Tools | Feature | DerScanner | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | | **Cross-system Integration** | Not enough data | Not enough data | | **Adaptive Learning** | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Feature Not Available | | **Decision Making** | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | 6.2/10 | 8 | #### Agentic AI - Static Code Analysis | Feature | DerScanner | SonarQube | |---|---|---| | **Adaptive Learning** | Not enough data | 6.3 (8 reviews) | | **Natural Language Interaction** | Not enough data | 5.7 (7 reviews) | | **Proactive Assistance** | Not enough data | 6.7 (8 reviews) | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | DerScanner | SonarQube | |---|---|---| | **Remediation** | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | DerScanner | SonarQube | |---|---|---| | **Stack Integration** | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | ### Cloud Security | Product | Score | Reviews | |---|---|---| | **DerScanner** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Cloud Visibility | Feature | DerScanner | SonarQube | |---|---|---| | **Data Discovery** | Not enough data | Not enough data | | **Cloud Registry** | Not enough data | Not enough data | | **Cloud Gap Analytics** | Not enough data | Not enough data | #### Security | Feature | DerScanner | SonarQube | |---|---|---| | **Data Security** | Not enough data | Not enough data | | **Data loss Prevention** | Not enough data | Not enough data | | **Security Auditing** | Not enough data | Not enough data | #### Identity | Feature | DerScanner | SonarQube | |---|---|---| | **SSO** | Not enough data | Not enough data | | **Governance** | Not enough data | Not enough data | | **User Analytics** | Not enough data | Not enough data | --- ## Categories **Shared Categories (2):** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast) **Unique to DerScanner (1):** [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast) **Unique to SonarQube (8):** [Application Security Posture Management (ASPM) Software](https://www.g2.com/categories/application-security-posture-management-aspm), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Software Development Analytics Tools](https://www.g2.com/categories/software-development-analytics-tools), [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Bug Tracking Software](https://www.g2.com/categories/bug-tracking), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom), [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [ AI Governance Tools](https://www.g2.com/categories/ai-governance-tools) --- ## Reviewer Demographics ### By Company Size | Segment | DerScanner | SonarQube | |---|---|---| | **Small-Business** | 50.0% | 17.7% | | **Mid-Market** | 50.0% | 40.4% | | **Enterprise** | 0% | 41.8% | ### By Industry #### DerScanner - **Information Technology and Services:** 37.5% - **Real Estate:** 25.0% - **Professional Training & Coaching:** 12.5% - **Industrial Automation:** 12.5% - **Consumer Electronics:** 12.5% #### SonarQube - **Information Technology and Services:** 26.8% - **Computer Software:** 20.3% - **Financial Services:** 8.0% - **Banking:** 3.6% - **Automotive:** 2.9% - **Computer & Network Security:** 2.9% - **Hospital & Health Care:** 2.9% - **Manufacturing:** 2.2% - **Aviation & Aerospace:** 2.2% - **Telecommunications:** 2.2% - **Other:** 26.1% --- ## Alternatives ### Alternatives to DerScanner - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2366 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (896 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (813 reviews) - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews) — 4.4/5 stars (314 reviews) - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (302 reviews) - [GitGuardian](https://www.g2.com/products/gitguardian/reviews) — 4.8/5 stars (263 reviews) - [Intruder](https://www.g2.com/products/intruder/reviews) — 4.8/5 stars (206 reviews) - [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) — 4.6/5 stars (189 reviews) - [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews) — 4.5/5 stars (177 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (133 reviews) ### Alternatives to SonarQube - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2366 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (896 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Semgrep](https://www.g2.com/products/semgrep/reviews) — 4.6/5 stars (55 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (133 reviews) - [Aikido Security](https://www.g2.com/products/aikido-security/reviews) — 4.6/5 stars (141 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (43 reviews) - [Kiuwan Code Security & Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews) — 4.5/5 stars (34 reviews) - [Embold](https://www.g2.com/products/embold/reviews) — 4.7/5 stars (18 reviews) --- ## Top Discussions ### DerScanner No discussions available for this product. ### SonarQube No discussions available for this product. --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/derscanner-vs-sonarqube)