Introducing G2.ai, the future of software buying.Try now
Compare SonarQube and Veracode Application Security Platform 
Featured Products
At a Glance
Market Segments
Enterprise (41.6% of reviews)
Enterprise (52.2% of reviews)
Entry-Level Pricing
Free
No pricing available
SonarQube
Star Rating
(126)4.5 out of 5
Market Segments
Enterprise (41.6% of reviews)
Pros & Cons
Entry-Level Pricing
Free
Free Trial is available
Browse all 6 pricing plansVeracode Application Security Platform
Star Rating
(25)3.8 out of 5
Market Segments
Enterprise (52.2% of reviews)
Pros & Cons
Entry-Level Pricing
No pricing available
Learn more about Veracode Application Security PlatformSummary
AI Generated Summary
AI-generated. Powered by real user reviews.
- G2 reviewers report that SonarQube excels in user satisfaction, boasting a significantly higher overall rating compared to Veracode Application Security Platform. Users appreciate SonarQube's ability to provide code suggestions that enhance security and improve code quality, making it a preferred choice for many developers.
- Users say that SonarQube's implementation process is notably straightforward, especially when deploying on platforms like Kubernetes. This ease of setup is a stark contrast to Veracode, where some users have mentioned challenges during the initial configuration phase.
- Reviewers mention that SonarQube's integration with GitHub is seamless, allowing developers to run scans effortlessly. In comparison, while Veracode also integrates with GitHub, users have highlighted that its integration features could be more intuitive.
- According to verified reviews, SonarQube consistently receives praise for its ease of use, with many users finding the interface user-friendly and accessible. Veracode, while functional, has been noted to have a steeper learning curve, which can hinder new users.
- G2 reviewers highlight that both platforms offer valuable security features, but Veracode stands out for its specific capabilities in identifying vulnerabilities like social injections. Users have found its static code analysis particularly effective in addressing security concerns, although the overall user experience is less favorable compared to SonarQube.
- Users report that SonarQube's support quality is commendable, with timely assistance and helpful resources. Veracode also has a supportive team, but some users feel that the responsiveness could be improved, especially during critical implementation phases.
Pricing
Entry-Level Pricing
SonarQube
Cloud - based: Free
Free
For developers wanting to try SonarQube.
- Scan of private projects limited to 50k lines of code
- Users limited to max. 5
- Architecture management
Veracode Application Security Platform
No pricing availableFree Trial
SonarQube
Free Trial is available
Veracode Application Security Platform
No trial information availableRatings
Meets Requirements
8.8
109
8.1
19
Ease of Use
8.5
112
7.3
19
Ease of Setup
8.1
71
5.7
7
Ease of Admin
8.5
63
7.4
7
Quality of Support
8.2
91
8.0
18
Has the product been a good partner in doing business?
8.4
57
7.9
7
Product Direction (% positive)
8.6
106
6.3
19
Features by Category
Administration
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Testing
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Administration
7.8
19
Not enough data
6.0
20
Not enough data
Analysis
7.4
21
Not enough data
8.0
20
Not enough data
9.0
23
Not enough data
9.1
23
Not enough data
Testing
6.6
18
Not enough data
5.9
19
Not enough data
6.0
21
Not enough data
6.9
18
Not enough data
6.8
17
Not enough data
8.2
21
Not enough data
6.8
22
Not enough data
Agentic AI - Static Application Security Testing (SAST)
Not enough data
Not enough data
Administration
Not enough data
7.9
7
Not enough data
9.2
6
Analysis
Not enough data
8.3
7
Not enough data
8.3
5
Not enough data
9.3
7
Not enough data
8.8
7
Not enough data
8.6
6
Testing
Not enough data
Not enough data
Not enough data
9.0
5
Not enough data
Not enough data
Not enough data
8.3
5
Not enough data
8.0
5
Not enough data
7.8
6
Performance
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Network
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Application
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Vulnerability Scanner
Not enough data
Not enough data
Not enough data
Not enough data
Functionality
8.1
31
Not enough data
8.4
30
Not enough data
8.2
29
Not enough data
Management
Feature Not Available
Not enough data
7.5
25
Not enough data
7.8
27
Not enough data
Bug Reporting
7.7
10
Not enough data
8.0
10
Not enough data
8.3
10
Not enough data
Bug Monitoring
7.8
10
Not enough data
8.2
10
Not enough data
8.5
10
Not enough data
Agentic AI - Bug Tracking
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Effectiveness - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Documentation
7.8
36
Not enough data
7.6
35
Not enough data
8.2
36
Not enough data
Security
6.8
34
Not enough data
7.0
32
Not enough data
7.9
33
Not enough data
Risk management - Application Security Posture Management (ASPM)
9.3
5
Not enough data
Feature Not Available
Not enough data
9.0
5
Not enough data
8.9
6
Not enough data
Integration and efficiency - Application Security Posture Management (ASPM)
7.8
6
Not enough data
Feature Not Available
Not enough data
Reporting and Analytics - Application Security Posture Management (ASPM)
7.8
6
Not enough data
Not enough data
Not enough data
8.3
5
Not enough data
Agentic AI - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Bill of Materials (SBOM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Management - Software Bill of Materials (SBOM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
AI Compliance
Not enough data
Not enough data
Not enough data
Not enough data
Feature Not Available
Not enough data
Risk Management & Monitoring
Feature Not Available
Not enough data
Not enough data
Not enough data
AI Lifecycle Management
Feature Not Available
Not enough data
Access Control and Security
Not enough data
Not enough data
Collaboration and Communication
Feature Not Available
Not enough data
Agentic AI - AI Governance Tools
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Feature Not Available
Not enough data
Not enough data
Not enough data
Agentic AI - Static Code Analysis
6.3
8
Not enough data
5.7
7
Not enough data
6.7
8
Not enough data
Performance - AI AppSec Assistants
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Integration - AI AppSec Assistants
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Cloud Visibility
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Security
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Identity
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Interactive Application Security Testing (IAST)Hide 1 FeatureShow 1 Feature
Not enough data
Not enough data
Agentic AI - Interactive Application Security Testing (IAST)
Not enough data
Not enough data
Categories
Categories
Shared Categories
SonarQube and Veracode Application Security Platform are categorized as Secure Code Review, Static Application Security Testing (SAST), Static Code Analysis, Software Composition Analysis, and AI AppSec Assistants
Unique Categories
SonarQube is categorized as Application Security Posture Management (ASPM), Software Development Analytics Tools, Bug Tracking, Software Bill of Materials (SBOM), and AI Governance Tools
Veracode Application Security Platform is categorized as Penetration Testing, Vulnerability Scanner, Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST)
Reviews
Reviewers' Company Size
SonarQube
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Veracode Application Security Platform
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Information Technology and Services
27.2%
Computer Software
21.6%
Financial Services
6.4%
Hospital & Health Care
3.2%
Computer & Network Security
3.2%
Other
38.4%
Information Technology and Services
30.4%
Hospital & Health Care
13.0%
Consumer Goods
8.7%
Computer Software
8.7%
Telecommunications
4.3%
Other
34.8%
Discussions
SonarQube has no discussions with answers
Veracode Application Security Platform has no discussions with answers
Hunting for software insights?
With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
