SonarQube Server vs. Trend Vision One Email and Collaboration Security

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Trend Vision One Email and Collaboration Security
Score 8.9 out of 10
N/A
The Trend Vision One Email and Collaboration Security application secures Microsoft Office 365 and other cloud storage applications.N/A
Pricing
SonarQube ServerTrend Vision One Email and Collaboration Security
Editions & Modules
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
No answers on this topic
Offerings
Pricing Offerings
SonarQube ServerTrend Vision One Email and Collaboration Security
Free Trial
YesNo
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
SonarQube ServerTrend Vision One Email and Collaboration Security
Considered Both Products
SonarQube Server
Chose SonarQube Server
Some are still under consideration. Pricing is a big component. Some FOSS products have been considered is at par (at least for our needs) or catching up. Although the amazing support in the community weighs hard on the value. So, if it went away...so would some arguments …
Chose SonarQube Server
SonarQube is more focused on code quality, whereas Veracode does a better job of finding security vulnerabilities. We lean towards SonarQube because we are looking for quality.
Chose SonarQube Server
Jenkins and Gitlab are not exact alternatives for SonarQube, however, they do provide functionality for running and executing build pipelines for various languages and generating reports. However, they are not extensible, have no integration with IDEs and not suitable for …
Chose SonarQube Server
SonarQube deployment worked well with our pipeline and had the right integrations with our IDE as well as it worked well with analyzing .NET frameworks when compared to GitHub and GitLab which has some of the functionality and can do some checks, but SonarQube made more sense …
Chose SonarQube Server
SonarQube is a SAST, SOOS focuses on SCA and DAST - both of which we felt were out of scope for our immediate needs. Plus, through plugins SonarQube is able to accomplish some SCA.
Chose SonarQube Server
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. …
Chose SonarQube Server
Getting SonarQube instead of the other tools we tested was an easy choice. Snyk was way too much limited to only Docker images and dependency analysis at that time. And Checkmarx was very hard to adapt to our needs : configuring custom quality gates was way too much of a …
Chose SonarQube Server
SonarQube is much improved version as compared to SonarLint and Findbugs or any other software we found in similar category. It's open source and can be easily integrated with code pipeline.
Chose SonarQube Server
We decided to use SonarQube for the following reasons:
  1. Multi-language support: SonarQube supported all the languages used in our codebase while some of the other tools did not.
  2. Customizable quality profiles: SonarQube allowed teams to create custom quality profiles that aligned …
Chose SonarQube Server
I have used GitHub more that fortify so I am more familiar with GitHub for checking for vulnerabilities. I have noticed GitHub is good for checking different packages within your project but as far as checking code Quality and coverage Sonar is the better one in my opinion. …
Chose SonarQube Server
Visual Studio has some nice code analysis tools, most which can be activated at development time.
But they have some shortcomings and using an external tool allows catching issues that were not seen during development.
Using this dual approach makes for a more robust application …
Chose SonarQube Server
I have used other tools like SoapUI and Postman, but their working and use case are totally different from the SonarQube, so basically cannot compare SonarQube with them. We use SonarQube in our project to basically calculate the code quality report mostly. In that report, we …
Chose SonarQube Server
I personally evaluated klocwork in a previous company and it worked well for Static Code Analysis for C++ applications but the Java support was not as good as SonarQube.

Also the overall tooling and integrations provided by SonarQube is stellar and very other competitors can …
Chose SonarQube Server
Setting up with Azure devops is easier.
Scans results and depth of tweaking/whitelisting code snippets is easier with SonarQube.
Chose SonarQube Server
SonarQube is an open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty descent. Pipeline scan is more secured in SonarQube. Its a very good tool and its support multiple languages. Its main core competency is of static code …
Chose SonarQube Server
SonarQube contains all of their features. Findbugs has very limited capabilities. It is just a static code analyser and does not check for a continous code quality and also not possible to integrate its plugin azure devops .net pipelines and more importantly SonarQube ui is …
Chose SonarQube Server
Sonar Qube doesn't do as good of a job of finding security vulnerabilities as dedicated SAST software, but it does more for code quality that the developers want to see. A comparison of Sonar Qube to something like Veracode or Fortify isn't apples to apples since they're not …
Chose SonarQube Server
We found SonarQube right at the beginning of our research process and found that it met most of our needs. SonarQube fit very nicely into our TFS continuous integration process. We seamlessly integrated the SonarQube steps into our TFS process via the Microsoft Marketplace. …
Chose SonarQube Server
Gitlab, if you have the right license, ships with a static analysis tool. It integrates better with Gitlab, but didn't seem to have the same quality output that Sonarqube did. Sonarqube's community version is plenty suitable for day to day analysis operations.
Trend Vision One Email and Collaboration Security
Chose Trend Vision One Email and Collaboration Security
Comprehensive protection, seamless integration and ease of use
Chose Trend Vision One Email and Collaboration Security
Trend Micro seems to be quite better as the features compared to other brands as quite impressive, though the pricing is on a higher side compared to others but the security level is 99%.
Chose Trend Vision One Email and Collaboration Security
It is cheaper than most other business antivirus/malware that I have used before, and has a smaller footprint on endpoints. It also seems to have fewer false positives. It is very easy to install compared to others, and has a solid web-based control panel for administering …
Chose Trend Vision One Email and Collaboration Security
To date we had only utilized Symantec Small Business Suite for all of our antivirus needs. We had only moved to the cloud environment during the summer of 2020, and after doing so I'm not sure that I would ever change from Trend Micro Cloud App Security. The cost and features …
Best Alternatives
SonarQube ServerTrend Vision One Email and Collaboration Security
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
SonarQube ServerTrend Vision One Email and Collaboration Security
Likelihood to Recommend
8.8
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
-
(0 ratings)
9.0
(0 ratings)
Usability
9.1
(0 ratings)
8.0
(0 ratings)
Availability
-
(0 ratings)
10.0
(0 ratings)
Performance
-
(0 ratings)
8.0
(0 ratings)
Support Rating
9.0
(0 ratings)
9.0
(0 ratings)
Product Scalability
-
(0 ratings)
9.0
(0 ratings)
Vendor post-sale
-
(0 ratings)
9.0
(0 ratings)
Vendor pre-sale
-
(0 ratings)
10.0
(0 ratings)
User Testimonials
SonarQube ServerTrend Vision One Email and Collaboration Security
Likelihood to Recommend
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Cloud App Security blocks all incoming bad emails and drive files without interacting with the portal or having to worry about anything coming through. It demonstrates its ability to work in scenarios where overhead is limited. It could have some improvements in the way where more options are given in the config to make bypass rules or exclusions.
Read full review
Pros
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
  • Protects the organization from ransomware and business email compromise.
  • Integrates well with Office 365 without compromising on performance and security.
  • Easy to manage.
Read full review
Cons
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
  • Their web-support is not very clear, even though phone support is fine
  • Remote endpoints that don't have a strong or constant internet connection frequently report as offline - kind of annoying
  • Their settings don't seem to be mapped out very clearly, so there is a lot of hunting to find the right one to change
Read full review
Likelihood to Renew
No answers on this topic
Only a 9 if the product become completely unaffordable. Covid-19 has adversely affected Higher Ed budgets, if that should happen I would lobby hard to find cuts elsewhere...TrendMicro CAS is a necessary tool for any business to have!
Read full review
Usability
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
It is very easy to implement the policies and get around in the platform. It is easy to release from system quarantine if something inadvertently gets added. The Dashboard has a lot of really good info around the types of detections over last 24 hrs, 7 Days, or 30 Days. It would be nice if when doing log searches, one could search all of the "types" at one time. Types include things like Quarantine, Ransomware, Virtual Analyzer, etc.
Read full review
Reliability and Availability
No answers on this topic
Has always been available for us in 2+ years...100% uptime thus far
Read full review
Performance
No answers on this topic
On the desktop/laptop it works flawlessly, just need a mobile friendly site or an app to support a workaholic like me
Read full review
Support Rating
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Trend Micro Cloud App Security’s support has been highly competent and thorough when we have needed their assistance. Their support has been quickly dispatched, both through telephone and Email, while answer our questions and providing the “inside baseball” answers we have wanted when discussing the why and how of certain issues. When it came to implementation, their support sat through us as we deployed agents and took us on an adventure few implementations have.
Read full review
Alternatives Considered
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
It is cheaper than most other business antivirus/malware that I have used before, and has a smaller footprint on endpoints. It also seems to have fewer false positives. It is very easy to install compared to others, and has a solid web-based control panel for administering users accounts. It is very easy to monitor our remote users and apply policies or scans even when they are off-line.
Read full review
Return on Investment
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
  • CAS gives us peace of mind knowing the file systems we rely on in the cloud are protected the same way they would be if they were sitting in our office. This leads to a reduced risk of downtime that could otherwise limit us from being able to properly support our customers.
Read full review
ScreenShots

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.