SonarQube vs Scanmycode

SonarQube, as the market leader, offers a polished and professional solution. Unfortunately, it comes with a hefty price tag.

If you would like to save money and don't need such a big, complex, professional solution, Scanmycode.today may fit your SAST/code scanning needs for CI/CD.

For comparison, the SonarQube rule counts are listed below next to those of Scanmycode.today. Make an informed decision based on that.

Rules comparison

Rules (https://rules.sonarsource.com)

SonarQube:
Python – 134 rules
Ruby – 42 rules
PHP – 189 rules
JavaScript – 221 rules

Fig 1. SonarQube rules

Scanmycode.today (Settings->Issue Classes):
Python – 223
Ruby – 84
PHP – 216 (13 Issue Classes)
JavaScript – 169

Fig 2. Scanmycode.today Issue Classes/Rules

Scanmycode.today can be used alongside SonarQube. Wherever it is faster or easier to implement (just one click in the interface), it makes sense to use it.

SAST/code scanning in CI/CD is an important aspect of a Secure SDLC, and it is a great plus for, or even needed for, compliance. The more projects have it and fix the findings, the better.

Scanmycode.today essentially runs SAST analyzers and linters, currently only for PHP, Ruby, Python and JS (Go and Java can be added), and unifies their output into a single report. It can be integrated into CI/CD and has many features: dismissing bugs, enabling or disabling certain analyzers and linters, collaboration, etc.

Feel free to use it for open source or personal projects to give it a "spin".

Below is a scan in action:

Fig 3. Scanmycode.today in action