Comparison of codeql and sonar qube for security #23628
-
Hello guys! I wonder if there are any papers or articles on CodeQL being compared to other tools like Sonar, PVS-Studio or any other? It would be really great if you could share a link or the name of such documents. Thanks!
Replies: 3 comments
-
Hello. We do not publish public materials on comparisons with other tools.
-
Hello team, is there any comparison model between SonarQube and GitHub Checks API?
-
For those that came here hoping for answers, this may be insightful to you: https://www.researchgate.net/publication/372134053_Analysis_of_tools_for_static_security_testing_of_applications
Hello. We do not publish public materials on comparisons with other tools.
If your focus is public open-source repositories, I encourage you to try out code scanning with CodeQL as a way of evaluating it yourself: see About code scanning - GitHub Docs to get started.
If you are interested in using CodeQL and GitHub Advanced Security for your organisation or private repositories, I encourage you to check out Features · Security · GitHub. That page includes links to this application security guide, links to several other whitepapers, and contact information for the GitHub Advanced Security sales team, who can assist you with evaluating the technology on your organisation’s codebases.