Difference between SonarQube and Fortify?

user3847894 picture user3847894 · Oct 15, 2019 · Viewed 12.4k times · Source

Can someone tell me what is the difference between SonarQube and Fortify? Both are static code analysis tool. I found out Fortify is more inclined towards security as it gives information about vulnerabilities included in OWASP, SANS etc. SonarQube also shows this information.

Answer

Atmanirbhar Bharat picture Atmanirbhar Bharat · Oct 15, 2019

Fortify essentially classifies the code quality issues in terms of its security impact on the solution. While Sonarqube is more of a Static code analysis tool which also gives you like "code smells," though Sonarqube also lists out the vulnerabilities as part of its analysis.

However, the biggest difference is Cost .. Sonarqube is Free to use (with community support) while Fortify needs a license, which is expensive.