# OpenText Static Application Security Testing vs SonarQube Comparison --- ## AI Generated Summary - **G2 reviewers report** that SonarQube excels in overall user satisfaction, boasting a significantly higher G2 Score compared to OpenText Static Application Security Testing. Users appreciate its **simple deployment** process, particularly highlighting the ease of installation on platforms like Kubernetes. - **Users say** that SonarQube provides valuable code suggestions that enhance code quality and help developers identify potential errors. This feature is particularly praised for its ability to guide users in writing more secure code, making it a strong choice for teams focused on maintaining high coding standards. - **According to verified reviews** , OpenText Static Application Security Testing shines with its extensive support for a wide range of programming languages, which is a significant advantage for teams working with diverse tech stacks. Users commend its ability to generate FPR files from CI/CD pipelines, enhancing integration capabilities. - **Reviewers mention** that while SonarQube has a robust set of features, it sometimes faces challenges in meeting specific workflow needs, particularly in terms of configuration. This can lead to a steeper learning curve for new users compared to OpenText, which is noted for its **large technology stack support**. - **Users highlight** that OpenText Static Application Security Testing is effective in identifying critical vulnerabilities, with its ability to compile code during scans being a unique feature that sets it apart. This capability is particularly valued by teams looking for thorough security assessments. - **G2 reviewers report** that while both products have similar star ratings, SonarQube's higher volume of recent reviews indicates a more active user base, suggesting that it may be more responsive to user feedback and evolving needs. This is complemented by its strong integration with tools like GitHub, which users find enhances their development workflow. | | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Star Rating** | 4.5 out of 5 | 4.4 out of 5 | | **Total Reviews** | 24 | 146 | | **Largest Market Segment** | Enterprise (47.6% of reviews) | Enterprise (42.3% of reviews) | | **Entry Level Price** | No pricing available | Free | --- ## Top Pros & Cons ### OpenText Static Application Security Testing Pros: - Easy Integrations (1 reviews) - Integrations (1 reviews) Cons: - False Positives (1 reviews) ### SonarQube Pros: - Code Quality (24 reviews) - Features (20 reviews) Cons: - Software Bugs (12 reviews) - Complex Configuration (10 reviews) --- ## Ratings Comparison | Rating | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Meets Requirements** | 8.3 (15 reviews) | 8.8 (123 reviews) | | **Ease of Use** | 8.7 (15 reviews) | 8.5 (126 reviews) | | **Ease of Setup** | 8.3 (9 reviews) | 8.1 (85 reviews) | | **Ease of Admin** | 8.1 (9 reviews) | 8.5 (67 reviews) | | **Quality of Support** | 8.7 (15 reviews) | 8.2 (104 reviews) | | **Has the product been a good partner in doing business?** | 8.5 (9 reviews) | 8.3 (60 reviews) | | **Product Direction (% positive)** | 9.1 (13 reviews) | 8.6 (119 reviews) | --- ## Pricing ### OpenText Static Application Security Testing #### Entry-Level Pricing No pricing available #### Free Trial No information available ### SonarQube #### Entry-Level Pricing Plan: Free Price: Free Description: For developers wanting to try SonarQube. Key Features: - Scan of private projects limited to 50k lines of code - Users limited to max. 5 - Architecture management [Browse all 3 editions](https://www.g2.com/products/sonarqube/pricing) #### Free Trial Yes --- ## Features Comparison By Category ### Static Application Security Testing (SAST) | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | 8.1/10 | 13 | | **SonarQube** | 7.2/10 | 28 | #### Administration | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **API / Integrations** | 8.9 (9 reviews) | 7.9 (21 reviews) | | **Extensibility** | 8.7 (10 reviews) | 6.0 (20 reviews) | #### Analysis | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Reporting and Analytics** | 8.3 (11 reviews) | 7.3 (22 reviews) | | **Issue Tracking** | 8.0 (11 reviews) | 8.1 (21 reviews) | | **Static Code Analysis** | 8.8 (11 reviews) | 9.1 (25 reviews) | | **Code Analysis** | 8.5 (10 reviews) | 9.0 (26 reviews) | #### Testing | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Command-Line Tools** | 8.1 (9 reviews) | 6.6 (18 reviews) | | **Manual Testing** | 6.9 (9 reviews) | 6.0 (20 reviews) | | **Test Automation** | 8.7 (10 reviews) | 6.4 (23 reviews) | | **Compliance Testing** | 8.5 (8 reviews) | 6.9 (18 reviews) | | **Black-Box Scanning** | 7.0 (9 reviews) | 6.8 (17 reviews) | | **Detection Rate** | 8.3 (9 reviews) | 8.2 (21 reviews) | | **False Positives** | 6.2 (11 reviews) | 6.9 (24 reviews) | #### Agentic AI - Static Application Security Testing (SAST) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | 6.0 (5 reviews) | ### Software Development Analytics Tools | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | 8.0/10 | 36 | #### Functionality | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Repository Integration** | Not enough data | 8.1 (32 reviews) | | **Analytics and Trends** | Not enough data | 8.5 (31 reviews) | | **Productivity Updates** | Not enough data | 8.2 (30 reviews) | #### Management | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Historical Data Consolidation** | Not enough data | Feature Not Available | | **Data Context** | Not enough data | 7.5 (26 reviews) | | **Testing Integration** | Not enough data | 7.9 (30 reviews) | ### Bug Tracking | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | 8.1/10 | 12 | #### Bug Reporting | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **User Reports & Feedback** | Not enough data | 7.7 (10 reviews) | | **Tester Reports & Feedback** | Not enough data | 8.0 (10 reviews) | | **Team Reports & Comments** | Not enough data | 8.3 (10 reviews) | #### Bug Monitoring | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Analytics** | Not enough data | 7.8 (10 reviews) | | **Bug History** | Not enough data | 8.2 (11 reviews) | | **Data Retention** | Not enough data | 8.5 (10 reviews) | #### Agentic AI - Bug Tracking | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Not enough data | ### Software Composition Analysis | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Functionality - Software Composition Analysis | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Language Support** | Not enough data | Not enough data | | **Integration** | Not enough data | Not enough data | | **Transparency** | Not enough data | Not enough data | #### Effectiveness - Software Composition Analysis | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Remediation Suggestions** | Not enough data | Not enough data | | **Continuous Monitoring** | Not enough data | Not enough data | | **Thorough Detection** | Not enough data | Not enough data | ### Secure Code Review | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | 7.6/10 | 47 | #### Documentation | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Feedback** | Not enough data | 8.0 (42 reviews) | | **Prioritization** | Not enough data | 7.6 (37 reviews) | | **Remediation Suggestions** | Not enough data | 8.4 (39 reviews) | #### Security | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **False Positives** | Not enough data | 6.8 (38 reviews) | | **Custom Compliance** | Not enough data | 7.0 (34 reviews) | | **Agility** | Not enough data | 8.0 (38 reviews) | ### Application Security Posture Management (ASPM) | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | 8.5/10 | 7 | #### Risk management - Application Security Posture Management (ASPM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Vulnerability Management** | Not enough data | 9.3 (5 reviews) | | **Risk Assessment and Prioritization** | Not enough data | Feature Not Available | | **Compliance Management** | Not enough data | 9.0 (5 reviews) | | **Policy Enforcement** | Not enough data | 8.9 (6 reviews) | #### Integration and efficiency - Application Security Posture Management (ASPM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Integration with Development Tools** | Not enough data | 7.8 (6 reviews) | | **Automation and Efficiency** | Not enough data | Feature Not Available | #### Reporting and Analytics - Application Security Posture Management (ASPM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Trend Analysis** | Not enough data | 7.8 (6 reviews) | | **Risk Scoring** | Not enough data | Not enough data | | **Customizable Dashboards** | Not enough data | 8.3 (5 reviews) | #### Agentic AI - Application Security Posture Management (ASPM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | ### Software Bill of Materials (SBOM) | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Functionality - Software Bill of Materials (SBOM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Format Support** | Not enough data | Not enough data | | **Annotations** | Not enough data | Not enough data | | **Attestation** | Not enough data | Not enough data | #### Management - Software Bill of Materials (SBOM) | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Monitoring** | Not enough data | Not enough data | | **Dashboards** | Not enough data | Not enough data | | **User Provisioning** | Not enough data | Not enough data | ### AI Governance Tools | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | N/A | N/A | #### AI Compliance | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Regulatory Reporting** | Not enough data | Not enough data | | **Automated Compliance** | Not enough data | Not enough data | | **Audit Trails** | Not enough data | Feature Not Available | #### Risk Management & Monitoring | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **AI Risk Management** | Not enough data | Feature Not Available | | **Real-time Monitoring** | Not enough data | Not enough data | #### AI Lifecycle Management | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Lifecycle Automation** | Not enough data | Feature Not Available | #### Access Control and Security | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Pole-based Access Control (RBAC)** | Not enough data | Not enough data | #### Collaboration and Communication | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Model Sharing and Reuse** | Not enough data | Feature Not Available | #### Agentic AI - AI Governance Tools | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | | **Cross-system Integration** | Not enough data | Not enough data | | **Adaptive Learning** | Not enough data | Not enough data | | **Natural Language Interaction** | Not enough data | Not enough data | | **Proactive Assistance** | Not enough data | Feature Not Available | | **Decision Making** | Not enough data | Not enough data | ### Static Code Analysis | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | 6.2/10 | 8 | #### Agentic AI - Static Code Analysis | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Adaptive Learning** | Not enough data | 6.3 (8 reviews) | | **Natural Language Interaction** | Not enough data | 5.7 (7 reviews) | | **Proactive Assistance** | Not enough data | 6.7 (8 reviews) | ### AI AppSec Assistants | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Performance - AI AppSec Assistants | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Remediation** | Not enough data | Not enough data | | **Real-time Vulnerability Detection** | Not enough data | Not enough data | | **Accuracy** | Not enough data | Not enough data | #### Integration - AI AppSec Assistants | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Stack Integration** | Not enough data | Not enough data | | **Workflow Integration** | Not enough data | Not enough data | | **Codebase Contextual Awareness** | Not enough data | Not enough data | ### Cloud Security | Product | Score | Reviews | |---|---|---| | **OpenText Static Application Security Testing** | N/A | N/A | | **SonarQube** | N/A | N/A | #### Cloud Visibility | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Data Discovery** | Not enough data | Not enough data | | **Cloud Registry** | Not enough data | Not enough data | | **Cloud Gap Analytics** | Not enough data | Not enough data | #### Security | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Data Security** | Not enough data | Not enough data | | **Data loss Prevention** | Not enough data | Not enough data | | **Security Auditing** | Not enough data | Not enough data | #### Identity | Feature | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **SSO** | Not enough data | Not enough data | | **Governance** | Not enough data | Not enough data | | **User Analytics** | Not enough data | Not enough data | --- ## Categories **Shared Categories (2):** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis), [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast) **Unique to SonarQube (8):** [Application Security Posture Management (ASPM) Software](https://www.g2.com/categories/application-security-posture-management-aspm), [Secure Code Review Software](https://www.g2.com/categories/secure-code-review), [Software Development Analytics Tools](https://www.g2.com/categories/software-development-analytics-tools), [Bug Tracking Software](https://www.g2.com/categories/bug-tracking), [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis), [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom), [AI AppSec Assistants](https://www.g2.com/categories/ai-appsec-assistants), [ AI Governance Tools](https://www.g2.com/categories/ai-governance-tools) --- ## Reviewer Demographics ### By Company Size | Segment | OpenText Static Application Security Testing | SonarQube | |---|---|---| | **Small-Business** | 28.6% | 17.6% | | **Mid-Market** | 23.8% | 40.1% | | **Enterprise** | 47.6% | 42.3% | ### By Industry #### OpenText Static Application Security Testing - **Financial Services:** 23.8% - **Banking:** 19.0% - **Information Technology and Services:** 14.3% - **Computer Software:** 14.3% - **Computer & Network Security:** 9.5% - **Consulting:** 4.8% - **Hospital & Health Care:** 4.8% - **Higher Education:** 4.8% - **Automotive:** 4.8% #### SonarQube - **Information Technology and Services:** 26.6% - **Computer Software:** 20.9% - **Financial Services:** 7.9% - **Banking:** 3.6% - **Automotive:** 2.9% - **Computer & Network Security:** 2.9% - **Hospital & Health Care:** 2.9% - **Manufacturing:** 2.2% - **Aviation & Aerospace:** 2.2% - **Telecommunications:** 2.2% - **Other:** 25.9% --- ## Alternatives ### Alternatives to OpenText Static Application Security Testing - [Coverity](https://www.g2.com/products/coverity/reviews) — 4.2/5 stars (55 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (43 reviews) - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2366 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (896 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Semgrep](https://www.g2.com/products/semgrep/reviews) — 4.6/5 stars (55 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (133 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [Klocwork](https://www.g2.com/products/klocwork/reviews) — 4.4/5 stars (23 reviews) - [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews) — 4.1/5 stars (76 reviews) ### Alternatives to SonarQube - [GitHub](https://www.g2.com/products/github/reviews) — 4.7/5 stars (2366 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (896 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (26 reviews) - [Mend.io](https://www.g2.com/products/mend-io/reviews) — 4.3/5 stars (112 reviews) - [Semgrep](https://www.g2.com/products/semgrep/reviews) — 4.6/5 stars (55 reviews) - [Snyk](https://www.g2.com/products/snyk/reviews) — 4.5/5 stars (133 reviews) - [Aikido Security](https://www.g2.com/products/aikido-security/reviews) — 4.6/5 stars (141 reviews) - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) — 4.2/5 stars (43 reviews) - [Kiuwan Code Security & Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews) — 4.5/5 stars (34 reviews) - [Embold](https://www.g2.com/products/embold/reviews) — 4.7/5 stars (18 reviews) --- ## Top Discussions ### OpenText Static Application Security Testing - Title: [What are the main components of Fortify?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-are-the-main-components-of-fortify) — 1 comment > **Top comment:** "Fortify SSC server Fortify scan software for windows or Linux " - Title: [will provide Video training course for this tool?](https://www.g2.com/discussions/49959-will-provide-video-training-course-for-this-tool) — 1 comment, 1 upvote > **Top comment:** "Micro Focus has a comprehensive set of free training tools! Check out this one on SCA..." ### SonarQube No discussions available for this product. --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/opentext-static-application-security-testing-vs-sonarqube)