SonarQube as SAST Vs Fortify SAST

SonarQube Server / Community Build
1

Hi,

I am looking for a comparison between SonarQube vs Fortify in the SAST area as they are been currently evaluated within my company to select one tool that will be used within our DevOps pipeline.

My understanding till now that Fortify SAST is better that SonarQube as it is tailored to be a security code analyzer, moreover, it is well known within Gartner recent report while SonarQube is not mentioned there.

I would be grateful for any feedback as I not able to find a clear answer on that.

Thanks!!

2

Hello and welcome to the forum!

I would say that SonarQube is much better than Fortify :slight_smile:

More seriously we, SonarSource, do not run such comparison as:

  • it is very simple to try to see what you get
  • we focus all our energy onto adding value to our product
  • the adoption of SonarQube speaks for itself

Quick note on Gartner: the first 2 points above are probably the main reasons why we are not on Gartner…

I am happy to connect you, should you wish to evaluate the product.

Olivier

5 Likes
3

Hi Olivier,
I am also looking to compare Sonar with Synk and Fortify mainly for static scanning. PLease share any resources or analysis that has been done.

6

Hi Sandhya!

I just sent you a private message to setup a meeting with you to review this topic. Feel free to follow up there and we can begin our discussions!

7

And I’m going to close this old topic. :slight_smile: