SonarQube vs Scanmycode
SonarQube as being market leader offers a very nice and professional solution. Unfortunately, this comes at a hefty price tag.
If you would like to save money, don’t need such a professional, big and complex solution, it might be the case that Scanmycode.today can fit your SAST/Code Scanning needs for your CI/CD.
Below for comparison, you can take a look at SonarQube rules in comparison to Scanmycode.today. Make an informed decision based on that.
Python – 134 rules
Ruby – 42 rules
PHP – 189 rules
Fig 1. SonarQube rules
Scanmycode.today (Settings->Issue Classes):
Python – 223
Ruby – 84
PHP – 216 (13 Issue Classes)
Fig 2. Scanmycode.today Issue Classes/Rules
Scanmycode.today can be used along SonarQube, whenever it could be faster, easier to implement (just one click in the interface), it makes sense to use it.
SAST/Code Scanning in CI/CD is an important aspect of Secure SDLC and a great plus/needed for compliance. So the more projects have it, we will fix findings, the better.
It pretty much run SAST analyzers/Linters now only for PHP, Ruby, Python, JS, GO, Secret Scanning (Java can be added) and unify the Report. CI/CD integateable. Many features to dismiss bug, enable/disable certain analyzers and Linters, collaboration etc.
Feel free to use it for Open Source, your personal projects to give it a “spin”.
Below scan in action:
Fig 3. Scanmycode.today in action